automation-suite
2023.4
false
- Getting started
- Host administration
- About the host level
- Managing system administrators
- Creating or deleting organizations
- Allowing or restricting basic authentication
- Configuring SSO: SAML 2.0
- Configuring SSO: Google
- Configuring SSO: Microsoft Entra ID
- Switching between Active Directory adapters
- Configuring system email notifications
- Audit logs for the host portal
- Organizations
- Authentication and security
- Licensing
- Tenants and services
- Accounts and roles
- External applications
- Testing in your organization
- Notifications
- Logging
- Troubleshooting
Automation Suite admin guide
Last updated Aug 22, 2025
UiPath® Identity Server provides support for two Active Directory adapters:
ad and ldapad.
-
adadapter: Legacy adapter that works only in standalone deployments. Theadadapter only operates on Windows and it supports external trust domains and NTLM, offering support for non-domain joined clients to authenticate. -
ldapadadapter: Adapter introduced in 2021.10. Theldapadadapter works in both standalone and Automation Suite deployments and it does not support external trust domains and NTLM for non-domain joined clients to authenticate.
The following table describes the two Active Directory adapters for each deployment model:
|
Deployment |
ad adapter
|
ldapad adapter
|
|---|---|---|
|
Automation Suite |
Not supported |
Supported |
Note:
All deployments prior to 2021.10 with Active Directory integration enabled keep the
ad adapter after upgrade. All other deployments get, by default, the ldapad adapter when Active Directory integration is enabled.
To determine the adapter type, a SQL query can be executed which checks the type of the adapter in the If
[identity].[DirectoryConnections] table.SELECT dc.* from [identity].[DirectoryConnections] dc
JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId]
WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[IsDeleted]=0SELECT dc.* from [identity].[DirectoryConnections] dc
JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId]
WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[IsDeleted]=0
[Type]=ad, then the ad adapter is in use. If [Type]='ldapad', then the ldapad adapter is in use.
Note:
This is supported only in standalone deployments.
To switch from
ldapad to ad, take the following steps:
-
Check that
ldapadadapter is enabled by making sure the following query returns one row:SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ldapad' AND dc.[IsDeleted]=0SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ldapad' AND dc.[IsDeleted]=0 -
Connect to the Orchestrator/Identity database and run the following script, making sure to replace
FQDN-OF-DOMAINwith the fully qualified name of the default/main domain. With Active Directory integration enabled in the UiPath host portal, the following SQL script updates theDirectoryIdof Active Directory users and groups, soft-deletesldapaddirectory connections, and createsaddirectory connections.-- convert users IF OBJECT_ID('tempdb..#tmp_ldap_users') IS NOT NULL DROP TABLE #tmp_ldap_users SELECT [Id], [MasterPartitionId], CONCAT('ad', SUBSTRING([DirectoryId], 7, 256)) AS [DirectoryId] INTO #tmp_ldap_users FROM [identity].[AspNetUsers] WHERE [DirectoryId] LIKE 'ldapad|%' AND [IsDeleted]=0 --SELECT * FROM #tmp_ldap_users DELETE tmp FROM #tmp_ldap_users tmp JOIN [identity].[AspNetUsers] u ON u.[MasterPartitionId]=tmp.[MasterPartitionId] AND u.[DirectoryId]=tmp.[DirectoryId] --SELECT * FROM #tmp_ldap_users UPDATE u SET u.[DirectoryId]=tmp.[DirectoryId] FROM [identity].[AspNetUsers] u JOIN #tmp_ldap_users tmp on tmp.[Id]=u.[Id] -- create 'ad' directory connection DECLARE @HostPartitionId int -- host partition id SELECT @HostPartitionId = [Id] FROM [identity].[Partitions] WHERE [GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' UPDATE [identity].[DirectoryConnections] SET [IsDeleted]=1, [DeletionTime]=GETUTCDATE() WHERE [PartitionId]=@HostPartitionId AND [Type]='ldapad' and [IsDeleted]=0 SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [Type]='ad' and [IsDeleted]=0 IF @@ROWCOUNT=0 INSERT INTO [identity].[DirectoryConnections] ([PartitionId], [Type], [CreationTime], [Configuration], [IsDeleted]) VALUES (@HostPartitionId, 'ad', GETUTCDATE(), '{ "Domain": "<FQDN-OF-DOMAIN>" }', 0) SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [IsDeleted]=0-- convert users IF OBJECT_ID('tempdb..#tmp_ldap_users') IS NOT NULL DROP TABLE #tmp_ldap_users SELECT [Id], [MasterPartitionId], CONCAT('ad', SUBSTRING([DirectoryId], 7, 256)) AS [DirectoryId] INTO #tmp_ldap_users FROM [identity].[AspNetUsers] WHERE [DirectoryId] LIKE 'ldapad|%' AND [IsDeleted]=0 --SELECT * FROM #tmp_ldap_users DELETE tmp FROM #tmp_ldap_users tmp JOIN [identity].[AspNetUsers] u ON u.[MasterPartitionId]=tmp.[MasterPartitionId] AND u.[DirectoryId]=tmp.[DirectoryId] --SELECT * FROM #tmp_ldap_users UPDATE u SET u.[DirectoryId]=tmp.[DirectoryId] FROM [identity].[AspNetUsers] u JOIN #tmp_ldap_users tmp on tmp.[Id]=u.[Id] -- create 'ad' directory connection DECLARE @HostPartitionId int -- host partition id SELECT @HostPartitionId = [Id] FROM [identity].[Partitions] WHERE [GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' UPDATE [identity].[DirectoryConnections] SET [IsDeleted]=1, [DeletionTime]=GETUTCDATE() WHERE [PartitionId]=@HostPartitionId AND [Type]='ldapad' and [IsDeleted]=0 SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [Type]='ad' and [IsDeleted]=0 IF @@ROWCOUNT=0 INSERT INTO [identity].[DirectoryConnections] ([PartitionId], [Type], [CreationTime], [Configuration], [IsDeleted]) VALUES (@HostPartitionId, 'ad', GETUTCDATE(), '{ "Domain": "<FQDN-OF-DOMAIN>" }', 0) SELECT * FROM [identity].[DirectoryConnections] WHERE [PartitionId]=@HostPartitionId AND [IsDeleted]=0 -
Restart the Identity application pool by running
iisresetfrom an elevated prompt.
To switch your directory integration from
ad to
ldapad, follow these steps:
-
Check that the
adadapter is enabled by making sure the following query returns one row:SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ad' AND dc.[IsDeleted]=0SELECT dc.* from [identity].[DirectoryConnections] dc JOIN [identity].[Partitions] p ON p.[Id]=dc.[PartitionId] WHERE p.[GlobalId]='FEB0DD79-85B6-483B-B297-0E49A1AA5B7D' AND dc.[Type]='ad' AND dc.[IsDeleted]=0 -
In the host portal, delete the existing Active Directory integration.
-
Reconfigure the directory integration, and under Directory integration select Configure.Note: When you switch from
adtoldapadall user settings and permissions are preserved, even during the delete and reconfigure steps. - Restart the IIS services.
For example, you can use the
iisresetcommand in the Command Prompt to reset the IIS services.
