PMC Authentication Systems: Connecting Microsoft AD and Entra ID
Overview
This article helps when an issue arises creating a new Authentication System in PMC (Administration > Authentication > Create). An administrator hits a certificate error during the connection test, or does not see the expected certificate in the CA certificate drop-down.
Environment
- NComputing PMC Endpoint Manager
- Authentication Systems feature, Server Type: Microsoft Active Directory or Microsoft Entra ID
Cause
For directory connections that validate a TLS/server certificate, PMC requires the relevant CA certificate to be uploaded as a file resource before it appears in the CA certificate drop-down on the Authentication System form. Environments that have configured authentication before often already have several CA certificates on file (per domain or site)
Note: Read through this document and you will see a drop-down menu in PMC where you can check for an existing Cert before assuming none exist and uploading a duplicate.
Resolution
Step 1: Upload the CA Certificate (if required for your Server Type)
- Navigate to Administration > Files. Under Upload File, open the File Type drop-down and select CA certificate in PEM format. Click Browse, select your certificate file, and upload it.

Step 2: Create the Authentication System
Go to Administration > Authentication and click Create. The Create Authentication System dialog has three sections:
- General Settings: Server type (Microsoft Active Directory / Microsoft Entra ID), Display name, Enable, Use global MFA settings, Use global security lockdown rules.
- Connection Settings: Server URL, Domain name, CA certificate (drop-down), Ignore certificate subject, Test connection.
User Lookup Settings: User lookup base DN, PMC users group DN, Advanced user lookup settings (expandable).

Step 3: Select the CA Certificate and Complete Connection Settings
Select the uploaded certificate from the CA certificate drop-down (Microsoft Active Directory Server Type).
Navigate to Administration > Files.
- Under Upload File, open the File Type drop-down list and select CA certificate in PEM format.

- Click Browse, select the CA certificate file, and upload it successfully.
Then set:
- Ignore certificate subject: Enable if the server certificate's Subject CN does not match the server's FQDN.
- User Lookup Base DN: This must be the DN of an Organizational Unit rather than a group.
Step 4: Test the Connection
Use the "Test connection" link in the dialog. A successful result confirms the certificate and connection parameters are valid but does not by itself grant any user access.
- Navigate to Group Membership Rules.
- Map the appropriate Active Directory group to a local PMC group.
- Assign the desired User Role (for example, PMC Super User) to grant the appropriate administrative permissions.
Following these steps ensures PMC can successfully connect to your directory service and authenticate users through either Microsoft Active Directory or Microsoft Entra ID. Once the connection test passes and authorization is in place, directory users will have access to PMC.
Article #KB872
Last Edited: 07/02/2026
Related Articles
[Release Notes] PMC Endpoint Manager
NComputing PMC Endpoint Manager Version 4.2.1 Release Notes PRODUCT RELEASE NOTES: NCOMPUTING PMC ENDPOINT MANAGER, VERSIONS 4.2.1 Product: NComputing PMC Endpoint Manager Version: 4.2.1 Supported virtualization environments: VMware ESXi 6.7.0, ...
PMC Version 4, Start Guide
Overview This document based on the release notes of PMC 4.1.1. It covers everything you need to know, in-depth, regarding installation and deployment of PMC. It is always recommended that you use the current release notes of every PMC version that ...
LDAP Authentication (NoTouch Center)
LDAP Authentication (NoTouch Center) NoTouch Center is a tool for system administrators to manage their endpoints. It not only maintains a list of local user accounts, but it also supports user authentication via LDAP using either Microsoft Active ...
How Does AD Connection Work with VERDE, LDAP and Domain
Product Line: VERDE Verde VDI System Design Guide (Active Directory Connection and Authentication) This System Design Guide explains the integration of Active Directory with Verde VDI. The following configurations are required for logging into ...
LDAP - Active Directory - Global Catalog
Authenticating users from Active Directory forests (not only from a single domain) is possible in NoTouch Center. The NTC appliance needs to be configured to talk with the Active Directory Global Catalog server then though. The LDAP Server URL in ...