Overview
Parameters:ACTIVEDIRECTORYDOMAIN
Category: Login
Default value: ZENTRALE.ETASK.DE
Product: eTASK.Login
What does this parameter do?
This parameter defines the fully qualified domain names (FQDNs) of the Active Directory domains through which users can log in to the eTASK FM portal. The system uses LDAP for authentication and supports multiple domains for organizations with distributed Active Directory structures.
What is this parameter used for?
Specifying the primary Active Directory domain for user login
Configuring multiple login domains for multi-tenant environments
Providing failover authentication across multiple domains
Centralized management of LDAP authentication sources for the portal, OData API, and REST services
Support for various login formats (username or DOMAIN\username)
Technical Details (for Administrators)
Format: Fully Qualified Domain Name (FQDN) in the format DOMAIN.BEISPIEL.DE
Default value: ZENTRALE.ETASK.DE
Valid values:
- Single domain: ZENTRALE.ETASK.DE
- Multiple domains (separated by pipes): DOMAIN1.BEISPIEL.DE|DOMAIN2.BEISPIEL.DE|DOMAIN3.BEISPIEL.DE
Important notes:
The parameter uses the LDAP protocol for authentication
For multiple domains, authentication is performed sequentially (not in parallel)
The first successful authentication is used
Alternatively, users can log in using the format
DOMÄNE\Username(overrides the parameter)An empty value completely disables Active Directory authentication
The parameter only takes effect if
LOGINUSEACTIVEDIRECTORYis set to1is set
When should you change this value?
Set the value to a single domain if:
Your organization uses a central Active Directory domain
You want to restrict logon to a specific domain
You have migrated from an old to a new AD structure
Configure multiple domains (separated by pipes) if:
Your organization operates multiple independent Active Directory domains
You have users from different business units with separate domains
You want to ensure redundancy through failover authentication
Multiple AD structures exist in parallel following mergers or acquisitions
Important Notes
Sequential authentication across multiple domains
The system attempts authentication sequentially on each configured domain via LDAP. The first successful authentication is used. Unreachable domains result in timeouts and can significantly prolong the login process.Network connection and LDAP availability
The portal server must have an active network connection to all configured domain controllers. Ensure that LDAP ports (389/636) are accessible.Dependency on other parameters
—LOGINUSEACTIVEDIRECTORYmust be set to1set for this parameter to take effect -AUTOLOGINcan be used for automatic Windows authentication - For Azure AD login, other parameters are used (AZURECLIENTID,AZURETENANTID)username format and domain override
Users can also log in using the formatDOMÄNE\Username. In this case, the domain specified in the username is used and the configured parameter is overridden.Use in various authentication methods
The parameter is used for: standard login, AutoLogin, Basic Authentication, token-based authentication, and OData/REST API access.
Security
Does changing this parameter affect security?
Yes, this parameter is security-relevant.
Correct configuration ensures that only users from authorized domains are granted access
Invalid or unreachable domain names block legitimate logins
If multiple domains are used, all domains must comply with the same security standards
An empty parameter value completely disables AD authentication (security mechanism)
Unauthorized changes could completely block access or allow unauthorized domains
Data protection assessment:
The parameter itself does not store any personal data
LDAP authentication is performed via the configured Active Directory domains
Login attempts are logged in the application log (see
LOGINSTATISTICPERIODDAYS)
Conclusion: Changes should only be made by authorized administrators. Always test new configurations in a test environment before deploying them in production.
Practical example
Initial situation:
A company is merging with a subsidiary. Both organizations operate their own Active Directory domains: HAUPTFIRMA.LOCAL and TOCHTER.LOCAL. Employees of both companies should be able to log in to the shared eTASK Portal.
Configuration:
After the change:
Users from the main company log in with
max.mustermannorHAUPTFIRMA\max.mustermannlog inThe system first attempts LDAP authentication via
HAUPTFIRMA.LOCALIf successful, the user is logged in
Users of the subsidiary log in with
anna.schmidtlog inThe system first attempts
HAUPTFIRMA.LOCAL(fails), thenTOCHTER.LOCAL(succeeds)Both user groups have access to the portal
Result:
Seamless integration of both organizations without the need for an AD migration. Users retain their usual login credentials.
Alternative scenarios:
Scenario A - Migration with a transition period: - During the migration phase: ALTE-DOMAIN.DE|NEUE-DOMAIN.DE - Users can log in via both domains - After migration is complete: NEUE-DOMAIN.DE
Scenario B - Geographically distributed locations: - Europe: EU.FIRMA.COM - Americas: US.FIRMA.COM - Configuration: EU.FIRMA.COM|US.FIRMA.COM - Employees in both regions can log in
Recommended setting
For standard installations:Ihr-FQDN(specific to your organization)
Reason: - Use the full FQDN of your primary Active Directory domain - The value must exactly match the actual AD infrastructure - If you are unsure, contact your network administrator
Exceptions (multi-domain environments): - Mergers or acquisitions involving multiple independent AD structures - Geographically distributed locations with local domains - Parallel operation of test and production domains - Phased migration between domains
Tip: Start with a single domain and add more only when actually needed. Each additional domain can increase the login time in the event of failed authentication attempts.