Active Directory Settings

Active Directly Settings is a newly added feature. To add the users or groups from any domain, subdomain from different trusted forests, from Settings, go to Active Directory Settings.

Note: Active Directory settings would be available if you are logged in as an administrator.

 

Enabling AD Forest:

In the Active Directory settings tab, you'll find one option: 

•    Enable AD Forest

Note: The checkbox is unchecked by default.

When you checked the ‘Enable AD Forest ’ checkbox, the following options would appear: 


 
Enter the domains name in the Allowed domains field. The domain names should be comma separated. If this field is empty, then it would consider all the available domain under all trusted forest. (It is recommended to mention allowed domains for better performance.)

The Forest Searcher Timeout is 5 seconds by default. The timeout can be increased up to 30 seconds in case there is difficulty in adding AD users or Groups from forest. 

The ‘Use SID first for directory searcher’ checkbox is checked by default. You can uncheck the checkbox if the logging time is comparatively higher. 

Click Save to save the settings.

Disabling AD Forest:

The AD forest can be disabled by unchecking the ‘Enable AD Forest’ checkbox. 


 
When you uncheck the checkbox, the pop would appear with text message: Disabling AD Forest feature may delete some users and Ad groups. Click OK to proceed further.

It would be having following impacts:

•    All the users and groups from the other domains/forests will be deleted

•    All the logged in users from other domains/forests will be logged out immediately

Click Save to save the settings. 

All the logged-out users would get the popup message:

Note: If deleted AD user was directly part of user management and assigned to some flow then the flow assignee will appear blank. Also, if  the AD user will be removed from the User management due to that the mapping under Team Management will also get removed. In this case you have add AD User and Team mapping again.
 
For more information about AD Forest, refer the link: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/concepts-resource-forest