Hello and welcome to 2021 – hopefully this year will be somewhat saner and more positively inspiring than the last!

This month, I'd like to discuss binding Avid Nexis systems to Active Directory (LDAP). While it's quite simple once you have observed a working setup, I find the instructional steps in the Avid documentation a bit lacking in some information.

The instructions from Avid are quite good, assuming that you know both AD Authentication and Nexis quite well – but if you're unfamiliar with some aspects, it may be challenging – hopefully, these instructions will provide a bit more light into the requirements.

To bind a Nexis to LDAP, there are four crucial steps, in a particular order.

  1. Add MS DNS entries for the Nexis hardware and ensure all hardware can be pinged by name and in all directions.
  2. Set external authentication via the Nexis web UI.
  3. Run Avid's LDAP Sync Tool (on a client machine) to sync up and choose accounts/groups to share.
  4. Give AD users access via the Web UI, as you would a local Nexis user.

In more detail:

1. First, open MS Windows DNS Manager and add new host entries for the Nexis Director and Controller.

[Image: dns manager new host]

After adding the hosts (A records), confirm they are visible in the list of machines.

[Image: digistor engine]

2. In the Nexis web UI, ensure your DNS is set to the master server (Web UI > System > System Setup)

[Image: nexis web ui system]

Important note: Now is a great opportunity to set NTP, which is crucial for proper binding and authentication. (Your NTP servers will likely have different IP addresses to what is shown below).

[Image: nexis web ui datetime]

Ensure the Nexis can ping them all. In our case, we confirmed that we could ping the Nexis Director, Nexis Controller, and Domain Controller from the Nexis by both hostname and fully qualified name.

In our example:

[Image: ip digistor]

To do this, we jumped back to the command line on the Nexis and performed test pings.

[Image: terminal commands]

Now that we have confirmed DNS looks solid, we will set the details in the Nexis Web UI > Users > External Authentication.

Important note: the Domain Name must be a NetBIOS-compliant domain structure (no dots allowed, as these tell applications to distinguish domain and NetBIOS names). In this example, the Domain Name is digistor.

The server entry is the FQDN of the AD host. In this example, Server 0 is DSINTSYSDC01.DIGISTOR.NET.

[Image: external authentication]

We can confirm the above domain name by running the following command on the Domain Controller: 'Get-ADDomain | fl Name,DomainMode'

[Image: get a domain]

3. Setting the details in the Avid LDAP Sync Tool

Check the Account details of the binding account (DSmaster in this example) with the command 'Get-ADUser DSmaster' – this shows the CN path we require

[Image: get ad user]

Now open the LDAP sync tool and log in using the engine name (and Nexis administrator password)

[Image: avid nexis login]

Once in, we fill in the details as below – we could also use the hostname for LDAP if we wanted.

[Image: connect ldap server]

We then chose the groups to sync and potentially individual users within those groups

[Image: sync groups]

Then choose 'Synchronise Marked', and agree to add the user(s)

[Image: sync jordan]

When complete, the application should advise the sync was successful

[Image: success]

4. Back to the Nexis Web UI > Users, we should see the new AD user(s) have been added and flagged as 'Remote' – in our example below we can see their password is controlled by the Domain Controller.

[Image: jt controlled by ldap]

Now simply give remote users access to workspaces and privileges as you would any local user.
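
The DNS and directory checks from steps 1 to 3 can be gathered into one PowerShell pre-flight run, shown here as an added example that is not part of the original walkthrough or of Avid's tooling. The two Nexis host names are placeholders and the digistor.net DNS suffix is assumed from the domain controller name above; the script only tests resolution and ping from the Windows side, so the pings from the Nexis command line are still needed.

```powershell
# Added example: pre-flight checks before binding Nexis to AD.
# Run on a domain-joined Windows machine with the ActiveDirectory (RSAT) module.
# ASSUMPTIONS: the Nexis host names are placeholders and the DNS suffix is
# inferred from the post's DC name; replace both with your own values.
Import-Module ActiveDirectory

$DnsSuffix   = 'digistor.net'
$Hosts       = 'NEXIS-DIRECTOR-PLACEHOLDER', 'NEXIS-CONTROLLER-PLACEHOLDER', 'DSINTSYSDC01'
$BindAccount = 'DSmaster'

function Get-ARecord {
    param([string]$Name)
    # Emit the sorted IPv4 addresses for a name (nothing if it does not resolve).
    # -DnsOnly stops LLMNR/NetBIOS from masking a missing DNS record.
    Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } |
        Select-Object -ExpandProperty IPAddress | Sort-Object
}

# 1. Every host must resolve by short name and by FQDN, to the same address,
#    and answer a ping on the FQDN.
$dnsReport = foreach ($h in $Hosts) {
    $fqdn    = "$h.$DnsSuffix"
    $byShort = @(Get-ARecord -Name $h)
    $byFqdn  = @(Get-ARecord -Name $fqdn)
    [pscustomobject]@{
        Host       = $h
        ShortName  = $byShort -join ','
        Fqdn       = $byFqdn -join ','
        NamesAgree = ($byFqdn.Count -gt 0) -and (($byShort -join ',') -eq ($byFqdn -join ','))
        Ping       = Test-Connection -ComputerName $fqdn -Count 1 -Quiet
    }
}
$dnsReport | Format-Table -AutoSize

# 2. Values for the External Authentication page and the LDAP Sync Tool.
$domain = Get-ADDomain
$user   = Get-ADUser -Identity $BindAccount
[pscustomobject]@{
    NetBIOSName   = $domain.NetBIOSName       # Domain Name field: must contain no dots
    ContainsDot   = $domain.NetBIOSName.Contains('.')
    DNSRoot       = $domain.DNSRoot
    BindAccountDN = $user.DistinguishedName   # CN path for the sync tool
    BindEnabled   = $user.Enabled
} | Format-List
```

Any row with NamesAgree or Ping set to False points back to step 1; a disabled bind account or a NetBIOS name containing a dot points back to steps 2 and 3.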

I hope this rundown is useful for anyone wanting to set up their first AD sync with Avid Nexis.

Until next time, stay safe and productive!