Home » Categories » Multiple Categories

How do I configure FrontDoor to pull users from Active Directory?

Applies to

  • FrontDoor 6.1+


This article is for Pros Only. We will not explain concepts of Lightweight Directory Access Protocols or Active Directory. Since configuration is occurring within your Active Directory system, Tightrope Support is unable to provide direct support of this process, only direction.

This integration will allow you to control who can log into Carousel from your domain controller. The Active Directory integration allows general control over who can log into the system, then FrontDoor allows you to further refine that control with our role based permissions system.

We use ASP.NET forms-based authentication with custom Active Directory authentication in the background, instead of IIS’s built-in NT Integrated Authentication. We do this because the IIS Integrated only works if you are using Internet Explorer on a Windows machine. With the forms-based authentication we can still use the domain to authenticate users, but are also compatible with all web browsers and platforms. Since forms-based authentication uses cleartext passwords, to increase security you can install a SSL certificate on the web server and run HTTPS.

Active Directory integrations are only supported on Windows Server operating systems, though they may still be possible on lower editions of Windows.
  1.  Join the Carousel Server to the domain.
  2. Run the IIS AppPool for all sites as an account that can query the domain controller.
  3. Create Active Directory groups. (These are hard coded, requiring correct spelling and capitalization)
    1. TRMS_Users
    2. TRMS_Admins
  4. All users who need to log in will need to be a member of TRMS_Users. Those who should be granted full administrator rights should be members of both.
  5. Modify the C:\TRMS\Configuration\connectionStrings.config file with the correct LDAP server.
  6. Modify the C:\TRMS\Configuration\membership.configfile.
    1. Change the defaultProvider to ADMembershipProvider.
    2. Uncomment the entry for ADMembershipProvider by removing the <!-- and --> entries.
    3. Enter the user name and password, or remove those entries to use the IIS AppPool credentials.
  7. Attempt to login to FrontDoor using an Active Directory account.

Additional Information

When FrontDoor authenticates using Active Directory it enumerates all the users in the TRMS_Users and TRMS_Admins groups. There are several fields that FrontDoor requires to be set on all of the users. If you experience problems with Active Directory integration, ensure that all the users have the fields below populated:

  • DistinguishedName
  • UserPrincipalName
  • GivenName
  • SN

FrontDoor is pulling the user’s First name and Last name from Active Directory using the givenName and sn fields. All users in TRMS_Users and TRMS_Admins (Active Directory User Groups) must have the First and Last Name (givenName and sn) populated.

By default, users log into FrontDoor using their UserPrincipalName, such as “”. If you would prefer, you can set FrontDoor to use the SAMAccountName. To enable this, add attributeMapUsername=“sAMAccountName” to the ADMembershipProvider section of the membership.config file.

If your setup requires it, add the following two lines to the membership.config file in the ADMembershipProvider section:



2 (1)
Article Rating (1 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Locating my hardware license key
Viewed 5356 times since Wed, Sep 17, 2014
How do I install the Carousel Player Software?
Viewed 6238 times since Fri, Apr 21, 2017
Licensing my server
Viewed 3223 times since Wed, Sep 17, 2014
When accessing Frontdoor, I get an "HTTP Error 404.2 – Not Found" error
Viewed 2671 times since Mon, Mar 2, 2015
How do I install the Carousel Server Software?
Viewed 4385 times since Thu, Mar 23, 2017
Submitting a bug report to Tightrope
Viewed 2466 times since Thu, Jan 8, 2015
I get an error that "There is insufficient memory in resource pool "internal" to run this query."
Viewed 1877 times since Fri, Sep 11, 2015
.NET 3.5 does not install during Carousel installation
Viewed 312 times since Tue, Jul 17, 2018
TRMS Software Compatibility Chart
Viewed 3394 times since Mon, Jun 8, 2015
Can I have a separate SQL server for FrontDoor/Carousel?
Viewed 2335 times since Thu, Nov 13, 2014