
Before You Install the Connector

⏱️15 minutes

Complete this checklist before downloading the connector bundle. This prevents 90% of installation issues.

Do not skip this page. Most installation failures happen because prerequisites weren’t verified first.

Network Connectivity Checklist

Run these tests from the server where you’ll install the connector:

Test 1: Gateway Connectivity

    # Must return TcpTestSucceeded: True
    Test-NetConnection -ComputerName api.adunlock.me -Port 443

Expected Result

    ComputerName     : api.adunlock.me
    RemotePort       : 443
    TcpTestSucceeded : True

Network

  • Gateway connectivity test passed

Test 2: Domain Controller Connectivity

    # Replace with your DC hostname
    Test-NetConnection -ComputerName dc01.company.local -Port 636

Expected Result

    ComputerName     : dc01.company.local
    RemotePort       : 636
    TcpTestSucceeded : True

LDAPS

  • Domain Controller connectivity test passed

Test 3: DNS Resolution

    Resolve-DnsName api.adunlock.me
    Resolve-DnsName dc01.company.local

DNS

  • DNS resolution works for both hosts

Active Directory Checklist

Service Account Created

    # Verify service account exists
    Get-ADUser -Identity svc_adunlock -Properties Description

Expected Result

    DistinguishedName : CN=AD Unlock Service,CN=Users,DC=company,DC=local
    Enabled           : True
    Name              : AD Unlock Service
    SamAccountName    : svc_adunlock

Service Account

  • Service account exists and is enabled

Permissions Granted

Run the permissions verification:

    $ou = "OU=Users,DC=company,DC=local"
    dsacls $ou | Select-String "svc_adunlock"

Expected Result

    Allow COMPANY\svc_adunlock CONTROL ACCESS (Reset Password)
    Allow COMPANY\svc_adunlock WRITE PROPERTY (lockoutTime)

Permissions

  • Service account has Reset Password permission
  • Service account has Write lockoutTime permission
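
The dsacls filter above confirms the two grants exist but does not show whether the account holds anything else on the OU. As an added example (not part of the vendor's documentation), the function below lists every ACE that names the account and flags any that is not one of the two rights in this checklist. The function name is hypothetical, and the OU and account are the page's sample values.

```powershell
# Added example, not vendor code. Assumes the ActiveDirectory module (AD: drive)
# and the page's sample names; adjust $OU and $Account for your domain.
Import-Module ActiveDirectory

function Get-ConnectorAceReport {
    param(
        [string]$OU      = "OU=Users,DC=company,DC=local",
        [string]$Account = "COMPANY\svc_adunlock"
    )
    $rootDse = Get-ADRootDSE

    # Look up the GUIDs that identify the two delegated rights in this forest.
    $resetGuid = [guid](Get-ADObject -SearchBase $rootDse.configurationNamingContext `
        -LDAPFilter "(&(objectClass=controlAccessRight)(displayName=Reset Password))" `
        -Properties rightsGuid).rightsGuid
    $lockoutGuid = [guid](Get-ADObject -SearchBase $rootDse.schemaNamingContext `
        -LDAPFilter "(lDAPDisplayName=lockoutTime)" -Properties schemaIDGUID).schemaIDGUID

    # Explicit and inherited ACEs on the OU that name the account directly.
    # Rights obtained through group membership are not covered here.
    $aces = (Get-Acl -Path "AD:\$OU").Access |
        Where-Object { $_.IdentityReference.Value -eq $Account }

    foreach ($ace in $aces) {
        $isReset   = $ace.ActiveDirectoryRights -eq 'ExtendedRight' -and $ace.ObjectType -eq $resetGuid
        $isLockout = $ace.ActiveDirectoryRights -eq 'WriteProperty' -and $ace.ObjectType -eq $lockoutGuid
        $expected  = $ace.AccessControlType -eq 'Allow' -and ($isReset -or $isLockout)
        [pscustomobject]@{
            Rights     = $ace.ActiveDirectoryRights
            ObjectType = $ace.ObjectType
            Type       = $ace.AccessControlType
            Inherited  = $ace.IsInherited
            Status     = if ($expected) { 'Expected' } else { 'Review: not in checklist' }
        }
    }
}

$report = @(Get-ConnectorAceReport)
$report | Format-Table -AutoSize
$extra = @($report | Where-Object { $_.Status -ne 'Expected' })
if ($report.Count -eq 0) {
    Write-Warning "No ACEs found for the service account on this OU"
} elseif ($extra.Count) {
    Write-Warning "$($extra.Count) ACE(s) beyond Reset Password / lockoutTime"
}
```

An ACE that combines rights (for example read and write on lockoutTime) is also marked for review, since it is broader than the single right listed here.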

LDAPS Working

    $ldapServer = "dc01.company.local"
    $ldapPort = 636
    try {
        $tcpClient = New-Object System.Net.Sockets.TcpClient
        $tcpClient.Connect($ldapServer, $ldapPort)
        $sslStream = New-Object System.Net.Security.SslStream($tcpClient.GetStream())
        # Fails unless the DC certificate is trusted by this server and matches $ldapServer
        $sslStream.AuthenticateAsClient($ldapServer)
        Write-Host "LDAPS connection successful" -ForegroundColor Green
        Write-Host "Certificate: $($sslStream.RemoteCertificate.Subject)"
    } catch {
        Write-Host "LDAPS connection failed: $_" -ForegroundColor Red
    } finally {
        # Release the connection whether or not the handshake succeeded
        if ($sslStream) { $sslStream.Close() }
        if ($tcpClient) { $tcpClient.Close() }
    }

LDAPS

  • LDAPS connection test passed

Server Preparation Checklist

Windows Version

    # Get-CimInstance replaces the deprecated Get-WmiObject
    (Get-CimInstance Win32_OperatingSystem).Caption

OS

  • Windows Server 2016 or later (or Windows 10/11)

Create Installation Directory

    New-Item -ItemType Directory -Path C:\ADConnector -Force
    New-Item -ItemType Directory -Path C:\ADConnector\certs -Force
    New-Item -ItemType Directory -Path C:\ADConnector\logs -Force

Directories

  • Installation directories created

Administrative Access

Permissions

  • You have local Administrator access
  • You can create Windows Services

SSL Inspection Check

Critical: If your network uses SSL inspection, the connector will fail to connect.

Test for SSL inspection:

    # If this shows a different certificate than expected, SSL inspection is active
    $webRequest = [Net.WebRequest]::Create("https://api.adunlock.me")
    $webRequest.GetResponse() | Out-Null
    $cert = $webRequest.ServicePoint.Certificate
    Write-Host "Certificate Issuer: $($cert.Issuer)"

Expected Result

Issuer should be a public CA (Let’s Encrypt, DigiCert, etc.), NOT your company’s internal CA.

If SSL inspection is detected:

  1. Request an exception for api.adunlock.me
  2. Or configure a proxy bypass

SSL

  • SSL inspection not affecting api.adunlock.me

Information You’ll Need

Have these values ready before proceeding:

| Item | Value | Where to Get |
|---|---|---|
| Tenant ID | UUID | Admin Portal → Settings |
| Connector ID | UUID | Admin Portal → Connectors → Create |
| Gateway URL | wss://api.adunlock.me/ws | Provided in bundle |
| AD Server | FQDN | Your Domain Controller hostname |
| Service Account | DOMAIN\user | Account you created |
| Service Password | ••••••• | Password for service account |
| Base DN | DC=… | Your AD structure |
| Allowed OUs | OU=… | OUs for self-service users |

Information

  • All required information collected

Final Verification

Ready to Install?

  • All network connectivity tests passed
  • Service account created and permissions granted
  • LDAPS connection test passed
  • Installation directories created
  • SSL inspection not blocking
  • All required information collected

Ready?

If all items are checked:

Something Failed?

| Test Failed | Solution |
|---|---|
| Gateway connectivity | Check firewall allows outbound 443 to api.adunlock.me |
| DC connectivity | Check firewall between connector and DC |
| LDAPS test | Verify LDAPS is enabled on DC (Guide) |
| Service account | Create account (Guide) |
| SSL inspection detected | Request exception from security team |