> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/general/authentication/domain.md).

# Domain

The domain is used to authenticate the user. This is the most secure, flexible, and simple to manage. No need to synchronize users between the domain and Devolutions Server. With the ***Automatic user creation on first login*** option enabled, upon using Devolutions Server workspace for the first time, a user is created and given access rights according to their assigned role on the domain.

Simply grant the appropriate permissions for your [user groups](https://docs.devolutions.net/server/web-interface/user-groups-based-security/) in Devolutions Server, and Devolutions Server will automatically sync permissions if the user group matches the domain group to which the users belong.

Domain configuration is located in ***Administration*** – ***Server settings*** – ***Authentication*** – ***Domain*** in the web interface of Devolutions Server.

### Settings

#### Domain authentication

<table><thead><tr><th width="156">Option</th><th>Description</th></tr></thead><tbody><tr><td><strong>Domain</strong></td><td>Specify the remote computer domain name.</td></tr><tr><td><strong>Display name</strong></td><td>Enter the domain name to be displayed in various locations in the application, e.g., in informational messages.<br>Specify the Active Directory Organizational Unit (OU) or Group to restrict the search in a specific area in the Active Directory structure. The format must be the distinguished name (CN=Users,DC=windjammer,DC=loc).</td></tr><tr><td><strong>Administration credentials</strong></td><td>Add the credentials of a domain or service account to access the Active Directory forest and obtain user account information through LDAP queries. This account needs to be able to retrieve user account information and group memberships. It may require higher privileges than being part of the Domain Users built-in Active Directory group, although it should be sufficient in most cases.</td></tr></tbody></table>

#### Advanced settings

<table><thead><tr><th width="249">Option</th><th>Description</th></tr></thead><tbody><tr><td><strong>Preferred domain controller</strong></td><td>Set a preferred domain controller from the network domain list, forcing queries to go to a known, reliable Domain controller (DC).</td></tr><tr><td><strong>Domain containers</strong></td><td>Limit the scope of searches to specific domain containers.</td></tr><tr><td><strong>Browse domain containers</strong></td><td>Pick a domain container from the DC list or check the <em><strong>Use Devolutions Gateway</strong></em> box.</td></tr><tr><td><strong>Strategy</strong></td><td>Choose a strategy determining how to retrieve objects like groups, users, and subdomains.</td></tr></tbody></table>

#### LDAPS

<table><thead><tr><th width="225">Option</th><th>Description</th></tr></thead><tbody><tr><td><strong>Enable LDAPS</strong></td><td><ul><li><em><strong>Enable LDAPS</strong></em>: Enable the LDAP over SSL communication.</li><li><em><strong>Default</strong></em>: LDAPS default communication port.</li><li><em><strong>Custom</strong></em>: Set a specific port value.</li></ul></td></tr></tbody></table>

#### Auto-create domain users in database

<table><thead><tr><th width="231">Option</th><th>Description</th></tr></thead><tbody><tr><td><strong>Auto-create on first login</strong></td><td>Automatically create the domain user account in the Devolutions Server on the first login attempt.</td></tr><tr><td><strong>Only from this group</strong></td><td>Automatically create the user only if they are a member of this AD group.</td></tr><tr><td><strong>Username format</strong></td><td><p>Select the username format that will be created in the database.</p><ul><li><em><strong>UPN</strong></em>: The user will be created using the UPN format ex: bill@windjammer.loc.</li><li><em><strong>NetBios</strong></em>: The user will be created using the NetBios format ex: WINDJAMMER\bill.</li><li><em><strong>Username</strong></em>: The user will be created using the SAM account name.</li></ul></td></tr></tbody></table>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.devolutions.net/server/web-interface/administration/configuration/server-settings/general/authentication/domain.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
