Production Setup
⏱️10 minutes
Configure the connector to run as a Windows Service with automatic startup.
Install as Windows Service
We recommend using NSSM (Non-Sucking Service Manager) for reliable service management.
Step 1: Download NSSM
# Download NSSM
Invoke-WebRequest -Uri "https://nssm.cc/release/nssm-2.24.zip" `
-OutFile "C:\ADConnector\nssm.zip"
# Extract
Expand-Archive -Path "C:\ADConnector\nssm.zip" -DestinationPath "C:\ADConnector" -Force
# Copy to path
Copy-Item "C:\ADConnector\nssm-2.24\win64\nssm.exe" "C:\ADConnector\nssm.exe"Step 2: Install Service
cd C:\ADConnector
# Install the service
.\nssm.exe install ADConnector "C:\ADConnector\connector.exe"
# Configure parameters
.\nssm.exe set ADConnector AppParameters "--config C:\ADConnector\config.yaml"
# Set working directory
.\nssm.exe set ADConnector AppDirectory "C:\ADConnector"
# Configure environment variables
.\nssm.exe set ADConnector AppEnvironmentExtra "AD_SERVICE_PASSWORD=YourSecurePassword123!"
# Configure startup type
.\nssm.exe set ADConnector Start SERVICE_AUTO_START
# Configure recovery (restart on failure)
.\nssm.exe set ADConnector AppExit Default Restart
.\nssm.exe set ADConnector AppRestartDelay 5000
# Configure logging
.\nssm.exe set ADConnector AppStdout "C:\ADConnector\logs\service-stdout.log"
.\nssm.exe set ADConnector AppStderr "C:\ADConnector\logs\service-stderr.log"
.\nssm.exe set ADConnector AppRotateFiles 1
.\nssm.exe set ADConnector AppRotateBytes 10485760Step 3: Start Service
Start-Service ADConnector
Get-Service ADConnector✅Expected Result
Status Name DisplayName
------ ---- -----------
Running ADConnector ADConnectorService Management Commands
# Start service
Start-Service ADConnector
# Stop service
Stop-Service ADConnector
# Restart service
Restart-Service ADConnector
# Check status
Get-Service ADConnector
# View logs
Get-Content C:\ADConnector\logs\connector.log -Tail 50 -WaitConfigure Service Account (Optional)
For better security, run the service as a dedicated Windows user instead of Local System:
# Create local user for service
$password = ConvertTo-SecureString "ServicePassword123!" -AsPlainText -Force
New-LocalUser -Name "svc_adconnector" -Password $password -PasswordNeverExpires
# Grant permissions to installation folder
$acl = Get-Acl "C:\ADConnector"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
"svc_adconnector", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
)
$acl.AddAccessRule($rule)
Set-Acl "C:\ADConnector" $acl
# Configure service to run as this user
.\nssm.exe set ADConnector ObjectName ".\svc_adconnector" "ServicePassword123!"Monitoring
Windows Event Log
The service logs to Windows Event Log:
Get-EventLog -LogName Application -Source ADConnector -Newest 20Health Checks
Monitor connector health in the Admin Portal:
- Connectors page shows online/offline status
- Last Seen timestamp indicates recent activity
- Alerts can be configured for offline connectors
Log Rotation
Logs are rotated automatically (configured above). Check log size:
Get-ChildItem C:\ADConnector\logs | Sort-Object Length -Descending | Format-Table Name, LengthFirewall Configuration
If using Windows Firewall, ensure outbound is allowed:
# Allow outbound to gateway (usually allowed by default)
New-NetFirewallRule -DisplayName "AD Unlock Gateway" `
-Direction Outbound `
-RemoteAddress api.adunlock.me `
-RemotePort 443 `
-Protocol TCP `
-Action AllowBackup and Recovery
Backup
Backup these files:
C:\ADConnector\config.yamlC:\ADConnector\certs\*
Compress-Archive -Path C:\ADConnector\config.yaml, C:\ADConnector\certs `
-DestinationPath "C:\Backup\adconnector-backup-$(Get-Date -Format 'yyyyMMdd').zip"Recovery
- Install connector executable
- Restore
config.yamlandcertsfolder - Reinstall service with NSSM
- Start service
Next Step
Last updated on