How to Migrate DiaWEB to a dif…
  • RSS Feed

Last modified on 2/7/2019 12:37 PM by User.

Tags:

How to Migrate DiaWEB to a different Active Directory

1. Run the following SQL to change DiaWEB authentication system to Forms.

update Enterprise set AuthType = 0

2. Restart DiaWEB's app pool in IIS.

Alternatively, make any change (like adding a new line) to the Web.config file in DiaWEB's root folder. This will restart DiaWEB as well.

3. Go manually to the following URL in DiaWEB (is not necessary to be authenticated):

/AdminReset/Reset

This will reset the password of  the "admin" account to the value specified in the app.config file, with the setting "DefaultPassword".

4. Login into DiaWEB with the admin account.

5. From Administration > Users, if needed, edit the "login" field of at least one user whose login/username in the new Active Directory is different.

With the following example, if the user is "testad@test.local", I only had to use the "testad" part.

Note: this could be done with a SQL script as well.

6. From Administration > System Settings > Edit:

6.1 Change the "Auth Provider" field to "Active Directory".

6.2 Change the "Domain Name" to the one of the new Active Directory.

The value for this field shouldn't include the "LDAP://" part.

If the Active Directory port is different to 389, it must be specified with the following  format:

<hostname>:<port>

For example: test.local:5000

Note: there is currently a validation in DiaWEB that ensures the domain name is "a valid path in the directory service". If this fails, the error shown is "Invalid domain name". I had to  remove this validation from the code in order to connect to a remote Active Directory in an AWS instance.

6. Go manually to the following URL to restart DiaWEB and apply the changes (you'll need to be logged in):

/AdminTools/RestartApp

Or alternatively, make any change to the Web.config file.

7. Logout from DiaWEB.

8. Login using one Active Directory account (e.g. the one updated in step #5)

Testing connection and authentication to Active Directory

We can use the following program to test this before doing the same in DiaWEB. The program receives the same values that we have to use in DiaWEB. It also uses the same code. 

Binary: https://drive.google.com/file/d/1D-rW1TGHieFcqUkO1Nezapr7Wtsaqfd7/view?usp=sharing

Source Code: https://drive.google.com/file/d/1rurWUU5EkNxcQnxXT0Ru5H5zWQI4COUn/view?usp=sharing

Alternatively, we can use the trial version of the following software:

https://www.ldapsoft.com/ldapbrowser/ldapadmintool.html

Notice that for the authentication, it uses the "User DN" (User Distringuished Name), not just the "User logon name"  (we have to use this latter in DiaWEB).