Configure authentication with Active Directory

   KB 21796        Last updated on 2023-02-6  

In this article we will explore the steps needed to configure authentication between Active Directory and Zimbra Collaboration. Last validated on Zimbra 10 and Windows Server 2022.

The scope of this article does not cover the configuration of AD. Check the Additional Content section at the bottom for instructions on AD installation.



1. For this article we will be using Windows Server 2012.

2. Active Directory configured with a couple of users, which we will use to test the configuration (see below).

3. Right-click each user and select Properties. Make sure that each user has a User Logon Name configured under the Account tab.


Part 1

Log in to the AdminUI and navigate to the Configuration section.


Click Domains on the left side to show the available domains on the right side. Right-click the domain you would like to configure and select the Configure Authentication option.


In the following window, select External Active Directory.


Enter the AD domain name and the AD server's name or IP address.


Leave the next window as it is.


After completing the configuration, you can test whether authentication works in the next window.


Leave the next two windows unchanged.



Part 2

To synchronize Zimbra with Active Directory, we need to create the same account names in Zimbra.

Click on the Home button to get back to the Manage option.


Click on the Manage button to access the user section.


Click the button at the top right and select New to create a new user.


The user that we create must have the same name as the AD user for which we are creating the login. The domain name should be the one used for Zimbra, not the AD domain.


If we scroll down in the same user creation window, notice that there is no password section. That is because the password is taken from AD.


Part 3

Test the configuration.

To test the configuration, we will try to log in with the newly created user.


If you can log in, then the configuration has been successful.


Additional Content

LDAP+STARTTLS or LDAPS port 389 or 636

Eventually Microsoft will require the use of STARTTLS on port 389, so that connections to port 389 are encrypted once STARTTLS has been performed. See: In the meantime, you can also use LDAPS on port 636. While LDAPS seems unofficially deprecated, it is a secure option because all communication is encrypted with TLS. See: and
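The transport choice described above, written as the command-line equivalent of the wizard in Part 1. This is an added example, not part of the original article; the use of zmprov and the host and domain names (mail.example.com, corp.example.com, dc1.corp.example.com) are assumptions.

```shell
#!/bin/sh
# Added example: print the zmprov command that stores the same settings as
# the Part 1 wizard, but only with an encrypted LDAP transport.
# All host and domain names used here are placeholders (assumptions).

# ad_auth_cmd MODE ZIMBRA_DOMAIN AD_DOMAIN AD_SERVER
#   MODE starttls -> ldap://AD_SERVER:389, upgraded to TLS with STARTTLS
#   MODE ldaps    -> ldaps://AD_SERVER:636, TLS from the first byte
# Any other mode (for example plaintext LDAP) is rejected with status 1.
ad_auth_cmd() {
    mode=$1 zdomain=$2 addomain=$3 server=$4
    if [ -z "$zdomain" ] || [ -z "$addomain" ] || [ -z "$server" ]; then
        echo "usage: ad_auth_cmd starttls|ldaps ZIMBRA_DOMAIN AD_DOMAIN AD_SERVER" >&2
        return 1
    fi
    # The output is meant to be pasted into a shell, so accept only
    # characters that are valid in DNS names and IPv4 addresses.
    case $zdomain$addomain$server in
        *[!A-Za-z0-9.-]*)
            echo "refusing: names may contain only letters, digits, '.' and '-'" >&2
            return 1 ;;
    esac
    case $mode in
        starttls) url="ldap://$server:389";  starttls=TRUE ;;
        ldaps)    url="ldaps://$server:636"; starttls=FALSE ;;
        *)  echo "refusing mode '$mode': passwords would cross the network unencrypted" >&2
            return 1 ;;
    esac
    # Zimbra expands %u to the login name without its @domain part, so the
    # bind is attempted as user@AD_DOMAIN (the User Logon Name from step 3).
    printf 'zmprov md %s zimbraAuthMech ad zimbraAuthLdapURL %s zimbraAuthLdapBindDn %s zimbraAuthLdapStartTlsEnabled %s\n' \
        "$zdomain" "$url" "%u@$addomain" "$starttls"
}

# Print both variants for a constructed environment.
ad_auth_cmd starttls mail.example.com corp.example.com dc1.corp.example.com
ad_auth_cmd ldaps    mail.example.com corp.example.com dc1.corp.example.com
```

For either mode to connect, the Zimbra server must trust the CA that issued the domain controller's certificate.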

Verified Against: Zimbra Collaboration 10, 9.0, 8.8, 8.0
Date Created: 03/24/2015
Article ID:
Date Modified: 2023-02-06
