DeskAlerts Registration Types
Overview
The DeskAlerts client supports multiple registration types to accommodate different enterprise environments and authentication requirements. This documentation describes each registration type, its prerequisites, and its setup procedure.
Registration System Architecture
- Client Configuration: Registration type is configured in client's appsettings.json
- Server Validation: Server validates registration against AdConfig setting
- Authentication Methods: Range from simple manual entry to seamless domain integration
- Platform Support: Varies by registration type and operating system
Active Directory Configurations
The server-side AdConfig setting determines which registration types are allowed and affects the registration process. This section describes the available AdConfig values and their implications.
| AdConfig Value | Description | Allowed Registration Types | Use Case |
|---|---|---|---|
| AdOnly (0) | Only domain devices | SimpleAD (fallback to web form), AzureAD, SeamlessForAzureAD | Strict domain-only environments |
| MixedDeviceAdOnly (1) | Devices may be outside the domain, but only AD registration types are allowed | SimpleAD (fallback to web form), AzureAD, SeamlessForAzureAD | Mixed environments with AD authentication |
| Mixed (2) | All types of registration | All registration types | Flexible environments supporting all authentication methods |
Registration Types
This section provides detailed information about each supported registration type, including implementation details, requirements, and platform support.
Simple Registration
Description
Manual registration through a web-based form. Users enter their credentials manually in a browser window.
How It Works:
- Opens a registration window with a web form
- User manually enters username, password, and domain information
- Form submits credentials to server for validation
- Registration window closes automatically on success
Requirements
Server Configuration:
- AdConfig must be set to Mixed (2)
- Registration page must be accessible at /api/page/Registration
Client Configuration:
- RegistrationType: 0 (Simple)
- Server URL must be configured
Network Requirements:
- HTTPS/HTTP access to DeskAlerts server
- Browser support for web forms
Platform Support:
- Windows: ✓ Full support
- macOS: ✓ Full support
Computer Name Registration
Description
Registration using the computer name as the primary identifier. Opens a web form with pre-filled computer name.
How It Works:
- Retrieves computer name using Environment.MachineName
- Opens registration window with computer name pre-filled
- User completes additional required fields
- Server validates computer name and credentials
Requirements
Server Configuration:
- AdConfig must be set to Mixed (2)
- Computer name validation must be configured on server
Client Configuration:
- RegistrationType: 1 (ComputerName)
- Valid computer name must be available
System Requirements:
- Computer must have a valid machine name
- Network connectivity to DeskAlerts server
Platform Support
- Windows: ✓ Full support
- macOS: ✓ Full support
Simple AD Registration
Description
Automatic registration using Active Directory domain credentials. Generates a hashed password from domain user and domain name.
How It Works:
- Windows: Uses Domain.GetCurrentDomain() to get domain information
- macOS: Uses dsconfigad command to retrieve domain details
- Generates hashed password using GetHash(domainUser + domainName)
- Sends login request with generated credentials
- No user interaction required
Requirements
Server Configuration:
- AdConfig: Any (0, 1, 2) - fallback to web form if domain unavailable
- Active Directory integration must be configured
- Domain users must exist in DeskAlerts system
Client Configuration:
- RegistrationType: 2 (SimpleAD)
- Device must be joined to Active Directory domain
Domain Requirements:
- Windows: Computer must be domain-joined
- macOS: Computer must be joined to AD domain via dsconfigad
- Domain user must have appropriate permissions
Platform Support
- Windows: ✓ Full support with Domain.GetCurrentDomain()
- macOS: ✓ Full support with dsconfigad integration
macOS Specific Requirements:
- macOS device must be joined to Active Directory domain
- dsconfigad command must be available and configured
- Domain membership is verified before registration attempt
Azure AD Registration
Description
Registration using Azure Active Directory authentication. Uses Azure SDK for authentication.
How It Works:
- Uses Azure SDK to authenticate with Azure AD
- Retrieves Azure AD credentials and tokens
- Sends authentication request to DeskAlerts server
- Server validates Azure AD credentials
Requirements
Server Configuration:
- AdConfig: MixedDeviceAdOnly (1) or Mixed (2)
- Azure AD integration must be configured on server
- Azure AD tenant must be properly configured
Client Configuration:
- RegistrationType: 3 (AzureAD)
- Azure SDK must be available
- Azure AD credentials must be configured
Azure AD Requirements:
- Valid Azure AD tenant
- User must have Azure AD account
- Proper Azure AD permissions and policies
Platform Support
- Windows: ✓ Full support with Azure SDK
- macOS: ✓ Full support with Azure SDK
Seamless Registration
Description
Seamless registration using current domain user credentials without password prompts. Works with both Windows and macOS domain-joined devices.
How It Works:
- Windows: Uses current domain user context
- macOS: Uses domain-joined user without password
- Generates hashed password from domain user and domain name
- Automatic login without user interaction
Requirements
Server Configuration:
- AdConfig: Mixed (2) only
- Domain authentication must be configured
Client Configuration:
- RegistrationType: 5 (Seamless)
- Device must be domain-joined
Domain Requirements:
- Windows: Computer must be domain-joined
- macOS: Computer must be joined to AD domain
- User must be logged in with domain account
Platform Support
- Windows: ✓ Full support
- macOS: ✓ Full support (requires domain membership)
Seamless Hybrid User AD
Description
Hybrid seamless registration that works with both domain-joined and non-domain devices, but requires AD authentication. Uses Windows SID-based authentication for enhanced security.
How It Works:
- Similar to Seamless registration
- Supports hybrid environments with mixed device types
- Uses domain authentication when available
- Falls back to manual authentication for non-domain devices
Requirements
Server Configuration:
- AdConfig: Mixed (2) only
- Hybrid AD configuration must be set up
Client Configuration:
- RegistrationType: 6 (SeamlessHybridUserAd)
Environment Requirements:
- Hybrid Active Directory environment
- Mixed device types (domain-joined and non-domain)
Platform Support
- Windows: ✓ Full support with SID-based authentication
- macOS: ✗ Not supported (falls back to regular Seamless)
macOS Limitation: On macOS, SeamlessHybridUserAd registration type falls back to regular Seamless registration due to platform limitations. The hybrid SID-based authentication mechanism is Windows-specific and cannot be implemented on macOS.
Seamless for Azure AD
Description
Seamless registration specifically for Azure AD environments. Uses Windows Azure AD integration to retrieve user credentials automatically.
How It Works:
- Uses DsregAccountsProvider to get Azure AD account information
- Retrieves UserId, TenantId, and UserName from Azure AD
- Generates password using Base64 encoding of UserId.TenantId
- Automatic login without user interaction
Requirements
Server Configuration:
- AdConfig: MixedDeviceAdOnly (1) or Mixed (2)
- Azure AD integration must be configured
Client Configuration:
- RegistrationType: 7 (SeamlessForAzureAD)
- Windows device must be Azure AD joined
Azure AD Requirements:
- Device must be Azure AD joined (not just Azure AD registered)
- User must be logged in with Azure AD account
- Azure AD tenant must be properly configured
Platform Support
- Windows: ✓ Full support with Azure AD join
- macOS: ✗ Not supported
Windows Specific Requirements:
- Device must be Azure AD joined (not just registered)
- DsregAccountsProvider must be available
- Azure AD account must be the default account on the device
Platform Support Matrix
The following table provides a comprehensive overview of platform support, domain requirements, user interaction levels, and AdConfig requirements for each registration type.
| Registration Type | Windows Support | macOS Support | Domain Requirement | User Interaction | AdConfig Required |
|---|---|---|---|---|---|
| Simple | ✓ Full | ✓ Full | None | Manual form entry | Mixed (2) |
| ComputerName | ✓ Full | ✓ Full | None | Manual form entry | Mixed (2) |
| SimpleAD | ✓ Full | ✓ Full | Required | Automatic | All (0, 1, 2) |
| AzureAD | ✓ Full | ✓ Full | Azure AD | Azure SDK | MixedDeviceAdOnly (1) or Mixed (2) |
| Seamless | ✓ Full | ✓ Full | Required | Automatic | Mixed (2) |
| SeamlessHybridUserAd | ✓ Full | ✗ Not supported | Hybrid | Automatic | Mixed (2) |
| SeamlessForAzureAD | ✓ Full | ✗ Not supported | Azure AD Join | Automatic | MixedDeviceAdOnly (1) or Mixed (2) |
Setup Requirements
This section outlines the prerequisites and configuration steps required to implement DeskAlerts client registration types in your environment.
Domain Synchronization Requirements
Before clients can register using domain-based authentication methods, proper synchronization between the DeskAlerts server and Active Directory must be established.
User Synchronization
Required Synchronization:
- User Accounts: All domain users who need DeskAlerts access must be synchronized to the DeskAlerts database
- User Properties: Username, display name, email address, and domain information must be synchronized
- Group Membership: Active Directory group memberships should be synchronized for proper access control
- Account Status: Active/disabled status must be kept in sync
Computer Synchronization
Computer Account Requirements:
- Computer Objects: Domain-joined computers must exist as objects in Active Directory
- Computer Names: Computer names must match between AD and DeskAlerts system
- Computer Properties: Operating system, domain membership, and location information should be synchronized
- Computer Groups: Computer group memberships for targeting and policies
Synchronization Methods
| Synchronization Type | Method | Frequency | Requirements |
|---|---|---|---|
| User Accounts | LDAP/ADSI queries | Real-time or scheduled | Read access to AD, network connectivity |
| Computer Accounts | LDAP/ADSI queries | Real-time or scheduled | Read access to AD, network connectivity |
| Group Memberships | LDAP queries with group expansion | Real-time or scheduled | Read access to AD groups |
| Account Status | LDAP attribute monitoring | Real-time or frequent polling | Read access to user attributes |
Pre-Registration Validation
Domain Validation Checks:
- User Existence: Verify user exists in DeskAlerts database before allowing registration
- Account Status: Check if user account is active and not disabled
- Domain Membership: Validate user belongs to correct domain
- Computer Registration: Verify computer is registered in DeskAlerts system
- Group Permissions: Check if user has required group memberships
Synchronization Troubleshooting
Common Synchronization Issues:
- User Not Found: User exists in AD but not in DeskAlerts database
- Stale Data: User information in DeskAlerts is outdated
- Group Mismatch: Group memberships not synchronized
- Computer Not Registered: Computer exists in AD but not in DeskAlerts
- Domain Trust Issues: Cross-domain authentication problems
Client Configuration
appsettings.json Configuration:
```json
{
  "Application": {
    "RegistrationType": 0, // 0=Simple, 1=ComputerName, 2=SimpleAD, 3=AzureAD, 5=Seamless, 6=SeamlessHybridUserAd, 7=SeamlessForAzureAD
    "ServerUrl": "https://your-deskalerts-server.com"
  }
}
```
Server Configuration
AdConfig Setting Values:
- 0 (AdOnly): Only domain devices allowed
- 1 (MixedDeviceAdOnly): Mixed devices, AD authentication only
- 2 (Mixed): All registration types allowed
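The client and server settings above can be cross-checked before rollout. The following Python script is an added example, not DeskAlerts code: it parses a client appsettings.json (including `//` comments) and reports whether the configured RegistrationType is permitted for a given server AdConfig and platform. The function names, the sample hostname and the HTTPS warning are assumptions of this example; the allowed AdConfig values follow the "AdConfig Required" column of the Platform Support Matrix.

```python
import json
import re

# RegistrationType -> (name, allowed AdConfig values, supported on macOS).
# Values follow the matrix's "AdConfig Required" column; the AdConfig table also lists
# AzureAD and SeamlessForAzureAD under AdOnly (0), so the stricter column is used here.
TYPES = {
    0: ("Simple", {2}, True),
    1: ("ComputerName", {2}, True),
    2: ("SimpleAD", {0, 1, 2}, True),
    3: ("AzureAD", {1, 2}, True),
    5: ("Seamless", {2}, True),
    6: ("SeamlessHybridUserAd", {2}, False),
    7: ("SeamlessForAzureAD", {1, 2}, False),
}
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')  # a JSON string, or a // comment

def load_appsettings(text):
    """Parse appsettings.json text, dropping // comments but not '//' inside strings."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(_TOKEN.sub(keep_strings, text))

def audit(settings_text, ad_config, platform):
    """Return (effective registration type or None, list of findings)."""
    app = load_appsettings(settings_text)["Application"]
    reg, url = app["RegistrationType"], app.get("ServerUrl", "")
    if reg not in TYPES:
        return None, [f"RegistrationType {reg} is not a documented value"]
    name, allowed, mac_ok = TYPES[reg]
    effective, findings = name, []
    if platform == "macos" and not mac_ok:
        if reg == 6:  # documented fallback to regular Seamless on macOS
            effective, allowed = "Seamless", TYPES[5][1]
            findings.append("SeamlessHybridUserAd falls back to Seamless on macOS")
        else:
            effective = None
            findings.append(f"{name} is not supported on macOS")
    if effective and ad_config not in allowed:
        findings.append(f"{effective} is not allowed when AdConfig={ad_config}")
    if not url.lower().startswith("https://"):
        findings.append("ServerUrl is missing or not HTTPS")
    return effective, findings

# Constructed sample configuration (hostname is a placeholder).
SAMPLE = '''{
  "Application": {
    "RegistrationType": 6, // SeamlessHybridUserAd
    "ServerUrl": "https://deskalerts.example.internal"
  }
}'''

if __name__ == "__main__":
    print(audit(SAMPLE, ad_config=2, platform="macos"))
```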
Domain Setup Requirements
Active Directory Domain:
- Domain controller must be accessible
- Users must exist in Active Directory
- Domain trust relationships must be configured
- DNS resolution must work for domain
Azure Active Directory:
- Azure AD tenant must be configured
- Users must be synchronized or created in Azure AD
- Azure AD Connect may be required for hybrid scenarios
- Proper Azure AD licenses must be available
Authentication Flow
This section describes the technical implementation of the authentication process and credential generation mechanisms.
Registration Process Flow
General Registration Process:
- Client Startup: Client reads RegistrationType from configuration
- Server Validation: Client retrieves AdConfig from server
- Type Validation: Server validates if registration type is allowed
- Authentication: Client performs authentication based on type
- Token Exchange: Server returns JWT tokens on success
- Connection: Client establishes SignalR connection
Credential Generation
Domain Authentication Hash Generation:
- Input: domainUser + domainName
- Method: Custom hash function
- Purpose: Generate consistent password for domain authentication
- Used by: SimpleAD, Seamless, SeamlessHybridUserAd
Azure AD Credential Generation:
- Input: UserId + "." + TenantId
- Method: Base64 encoding
- Purpose: Generate Azure AD specific credentials
- Used by: SeamlessForAzureAD
Troubleshooting Guide
This section provides solutions for common issues encountered during DeskAlerts client registration and domain synchronization.
Common Issues and Solutions
Registration Type Not Allowed
Error: "Registration type not allowed by server configuration"
Solutions:
- Check server AdConfig setting
- Verify registration type is allowed for current AdConfig
- Update server configuration if needed
Domain Authentication Failures
Error: "Domain authentication failed" or "Domain is null"
Solutions:
- Windows: Verify computer is domain-joined
- macOS: Check dsconfigad configuration
- Verify domain controller connectivity
- Check DNS resolution for domain
- Synchronization: Ensure user is synchronized in DeskAlerts database
Synchronization Issues
Error: "User not found" or "User not synchronized"
Solutions:
- User Sync: Verify user exists in DeskAlerts database
- Sync Process: Check if synchronization process is running
- AD Connectivity: Verify DeskAlerts server can connect to Active Directory
- Permissions: Ensure DeskAlerts service has read access to AD
- Manual Sync: Trigger manual synchronization for specific user
Computer Registration Issues
Error: "Computer not registered" or "Computer name mismatch"
Solutions:
- Computer Sync: Verify computer object exists in DeskAlerts database
- Name Match: Ensure computer name matches between AD and DeskAlerts
- AD Object: Verify computer object exists in Active Directory
- Sync Schedule: Check if computer synchronization is scheduled
Azure AD Authentication Issues
Error: "Azure AD account not found" or "Azure AD authentication failed"
Solutions:
- Verify device is Azure AD joined (not just registered)
- Check Azure AD tenant configuration
- Verify user has proper Azure AD permissions
- Ensure Azure SDK is properly installed
macOS Specific Issues
Error: "macOS is not joined to a domain (Code: 501)"
Solutions:
- Join macOS device to Active Directory domain
- Verify dsconfigad command works
- Check domain trust relationships
- Ensure proper DNS configuration
Logging and Diagnostics
Client Logging:
- Registration process is logged with NLog
- Logs include domain information, user details, and error messages
- Check client logs for detailed error information
Server Logging:
- Server logs registration attempts and validation results
- AdConfig validation is logged
- Authentication success/failure is recorded
Summary
DeskAlerts client supports seven different registration types to accommodate various enterprise environments and authentication requirements. The choice of registration type depends on your infrastructure setup, security requirements, and user experience preferences.
Key Considerations:
- Simple Registration: Best for testing and non-domain environments
- Domain-based Registration: Best for Active Directory environments
- Azure AD Registration: Best for cloud-first organizations
- Seamless Registration: Best for user experience in domain environments
- Platform Support: Most types work on both Windows and macOS
Critical Prerequisites for Domain-based Registration:
- User Synchronization: All domain users must be synchronized to DeskAlerts database before registration
- Computer Synchronization: Domain-joined computers must be registered in DeskAlerts system
- Group Synchronization: Active Directory group memberships must be synchronized for proper access control
- Real-time Updates: Account status changes must be reflected in DeskAlerts system
- Validation Process: Pre-registration validation ensures user and computer exist in system
Implementation Checklist:
- Configure Active Directory Synchronization: Set up LDAP/ADSI queries for user and computer synchronization
- Set Server AdConfig: Configure appropriate AdConfig value based on environment requirements
- Configure Client Registration Type: Set RegistrationType in client appsettings.json
- Test Synchronization: Verify users and computers are properly synchronized
- Validate Registration: Test registration process with domain users
- Monitor and Troubleshoot: Set up logging and monitoring for synchronization issues