How to configure Plesk to use a custom domain controller
Learn to join a Plesk Obsidian server to an Active Directory domain or specify a custom LDAP server for centralized user management. Follow these steps to configure authentication settings directly in the control panel.
You will configure your Plesk Obsidian server to authenticate users against a custom Active Directory or LDAP domain controller instead of the local system. These steps apply to Plesk Obsidian 18.x running on Windows Server 2019 or 2022. You will replace the default local authentication with a centralized directory service.
Prerequisites
- Windows Server 2019 or 2022 with Plesk Obsidian 18.x installed.
- A valid domain controller IP address or FQDN.
- Administrative credentials for the domain controller.
- Network connectivity between the Plesk server and the domain controller on ports 389 (LDAP) and 636 (LDAPS).
- An Active Directory account with permissions to create users and groups.
Step 1: Open the Domain Controller Settings
Log in to the Plesk Obsidian control panel using an administrator account. Navigate to the Tools & Settings section in the left sidebar. Click on Domain Controller to open the configuration page. This interface allows you to define the directory service used for user management.
Tools & Settings > Domain Controller
Step 2: Select the Directory Service Type
On the Domain Controller settings page, locate the Directory Service dropdown menu. Select Active Directory if your organization uses Microsoft AD, or LDAP for non-Microsoft directory services. Click Apply to save the selection. The system will validate the service type before allowing you to enter connection details.
Step 3: Enter the Domain Controller Connection Details
Enter the IP address or fully qualified domain name (FQDN) of your domain controller in the Domain Controller field. For example, type dc01.example.com or 192.168.1.10. If you are using LDAPS (LDAP over SSL), select the Use SSL checkbox and enter the CA certificate path if required. Click Apply to save the connection details.
Domain Controller: dc01.example.com
Use SSL: [Checked]
Port: 636
Step 4: Configure the Domain and Organizational Unit
Enter your domain name in the Domain field, such as example.com. Specify the Organizational Unit (OU) where your user accounts are stored in the Organizational Unit field. For instance, enter Users or Domain Users. This ensures Plesk looks for accounts in the correct location within the directory tree. Click Apply to confirm the settings.
Step 5: Set the Authentication Method
Select the authentication method from the Authentication Method dropdown. Choose Simple for standard username/password authentication or Kerberos if your environment uses Kerberos tickets. If you select Kerberos, you must provide the Kerberos realm name, such as EXAMPLE.COM. Click Apply to finalize the authentication configuration.
Step 6: Map Plesk Users to AD Groups
Navigate to Tools & Settings > Groups to manage group mappings. Click Add Group to create a new mapping. Enter the name of the Active Directory group, such as PleskAdmins or WebServerUsers. Assign the appropriate Plesk roles to this group, such as Administrator or Reseller. Click Apply to save the mapping.
Verify the installation
Test the connection by logging in to the Plesk panel using a domain user account. Open a browser and navigate to https://your-plesk-server:8443. Enter a username from the Active Directory domain, such as domain\user, and the corresponding password. If the login succeeds and you see the Plesk dashboard, the configuration is correct.
Troubleshooting
Error: "Cannot connect to the domain controller"
This error usually indicates a network issue or incorrect credentials. Check that the Plesk server can resolve the domain controller hostname using nslookup dc01.example.com. Ensure port 389 or 636 is open on the firewall. Verify that the domain controller is reachable from the Plesk server IP.
nslookup dc01.example.com
Server: dns.example.com
Address: 192.168.1.1
Name: dc01.example.com
Address: 192.168.1.10
Error: "Invalid credentials"
This occurs if the provided username or password is incorrect or the account lacks sufficient privileges. Confirm that the account has rights to read user objects and create groups. If using Kerberos, ensure the clocks on the Plesk server and the domain controller are synchronized to within five minutes.
Error: "User not found in Organizational Unit"
Verify that the Organizational Unit name matches exactly what is defined in Active Directory. Check for spelling errors or case sensitivity issues. You can list OUs using the following command on the domain controller:
dsquery ou "DC=example,DC=com"
Issue: SSL Certificate Errors
If you see a certificate warning, ensure the domain controller uses a trusted CA. Import the root CA certificate into the local certificate store on the Plesk server. Restart the Plesk service after updating certificates.
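The connectivity, certificate and clock checks described in this section can be run in one pass from the Plesk server. This is an added example, not part of Plesk; dc01.example.com is the page's sample host name, and the variable names are illustrative.

```powershell
# Added example; dc01.example.com is the page's sample host name.
$dc = 'dc01.example.com'

# 1. Name resolution, the same question nslookup answers.
Resolve-DnsName -Name $dc -ErrorAction Stop | Select-Object Name, Type, IPAddress

# 2. TCP reachability of LDAP (389) and LDAPS (636) from this server.
foreach ($port in 389, 636) {
    $t = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
    '{0}:{1} reachable: {2}' -f $dc, $port, $t.TcpTestSucceeded
}

# 3. TLS handshake on 636, validated against this server's certificate store.
#    The callback records what it saw and still rejects anything that fails validation.
$check = {
    param($s, $certificate, $chain, $errors)
    if ($certificate) {
        $script:dcCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($certificate)
    }
    $script:tlsErrors = $errors
    $errors -eq [System.Net.Security.SslPolicyErrors]::None
}
$tcp = [System.Net.Sockets.TcpClient]::new($dc, 636)
try {
    $tls = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false,
        [System.Net.Security.RemoteCertificateValidationCallback]$check)
    $tls.AuthenticateAsClient($dc)   # $dc is also the name the certificate must match
    "TLS OK ($($tls.SslProtocol)), certificate chain and name are trusted"
}
catch {
    # Typical values: RemoteCertificateChainErrors, RemoteCertificateNameMismatch
    "TLS handshake failed, policy errors: $script:tlsErrors"
}
finally {
    if ($script:dcCert) { $script:dcCert | Format-List Subject, Issuer, NotAfter, Thumbprint }
    $tcp.Dispose()
}

# 4. Clock offset against the domain controller (relevant to the five-minute Kerberos limit).
w32tm /stripchart /computer:$dc /samples:1 /dataonly
```

A chain error at step 3 points to a missing root CA in the local store; a name mismatch means the Domain Controller field does not match a name in the certificate.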
Issue: Group Mapping Failures
If users cannot log in despite correct credentials, check the group mapping configuration. Ensure the Active Directory group name is spelled correctly and that the group is not disabled. Refresh the group cache by restarting the plesksrv service if necessary.
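To check the "User not found in Organizational Unit" and group mapping cases directly against the directory, the following added example (not part of Plesk) performs a simple bind over LDAPS and looks for one account under the configured OU. The host, base DN and account name are the page's sample values, and ConvertTo-LdapFilterValue is a hypothetical helper defined here.

```powershell
# Added example; host, base DN and account name are the page's sample values.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$dc     = 'dc01.example.com'
$baseDn = 'OU=Users,DC=example,DC=com'   # what the Organizational Unit field should resolve to
$sam    = 'user'                         # account that fails to log in

# Hypothetical helper: escape RFC 4515 special characters so the name cannot alter the filter.
function ConvertTo-LdapFilterValue([string]$Value) {
    $sb = [System.Text.StringBuilder]::new()
    foreach ($ch in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($ch) -ge 0 -or [int]$ch -eq 0) { [void]$sb.AppendFormat('\{0:x2}', [int]$ch) }
        else { [void]$sb.Append($ch) }
    }
    $sb.ToString()
}

$cred = Get-Credential -Message 'Directory account used for the bind'
$id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($dc, 636)
$ldap = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
$ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind
$ldap.SessionOptions.ProtocolVersion   = 3
$ldap.SessionOptions.SecureSocketLayer = $true   # LDAPS: the simple bind is carried inside TLS
try {
    $ldap.Bind($cred.GetNetworkCredential())
    $filter = '(&(objectClass=user)(sAMAccountName={0}))' -f (ConvertTo-LdapFilterValue $sam)
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $baseDn, $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree, [string[]]@('memberOf'))
    $resp = [System.DirectoryServices.Protocols.SearchResponse]$ldap.SendRequest($req)
    if ($resp.Entries.Count -eq 0) { "No account '$sam' under $baseDn" }
    foreach ($entry in $resp.Entries) {
        "Found: $($entry.DistinguishedName)"
        $groups = $entry.Attributes['memberOf']
        if ($null -ne $groups) { $groups.GetValues([string]) | ForEach-Object { "  member of: $_" } }
        else { '  no memberOf values returned' }
    }
}
catch [System.DirectoryServices.Protocols.LdapException] {
    "Bind or connection failed: $($_.Exception.Message)"   # bad credentials or untrusted certificate
}
catch [System.DirectoryServices.Protocols.DirectoryOperationException] {
    "Search failed: $($_.Exception.Message)"               # for example, the base DN does not exist
}
finally { $ldap.Dispose() }
```

A search failure on the base DN usually means the accounts live in a container rather than an OU; the default Active Directory Users location is CN=Users, not OU=Users.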
After resolving any issues, test the connection again. If problems persist, review the Plesk error logs located at C:\Program Files (x86)\Plesk\log. Look for entries related to LDAP or AD authentication failures. Correct the configuration based on the log messages.