First Connection
The First Run Wizard guides you through connecting to your domain. This page describes each field and what to do if the connection test fails.
Step 1 — Enter your domain details
On the Connect to your domain wizard step, fill in:
| Field | What to enter |
|---|---|
| Domain / DC hostname | Your domain FQDN (e.g. corp.example.com) or a specific DC hostname (e.g. dc01.corp.example.com). Using the FQDN lets Windows pick the nearest DC automatically. |
| Port | Leave as 389 for standard LDAP. Change to 636 if your domain enforces LDAPS. |
| Use SSL / LDAPS | Check this if you entered port 636 or your domain requires encrypted LDAP. |
Service account
DirWarden needs an AD account to query and write to the directory.
- Auditor role: a read-only account is sufficient (member of Domain Users with no special delegation needed for most queries).
- Operator / Administrator role: the account needs the Reset Password and Unlock Account delegated permissions on the target OUs. A dedicated service account (e.g. svc-dirwarden) is recommended; do not use a Domain Admin.
Enter the account as DOMAIN\username or username@domain.com.
Step 2 — Test the connection
Click Test connection. DirWarden attempts an LDAP bind using the credentials you entered.
| Result | Meaning |
|---|---|
| Green checkmark | Bind succeeded; DirWarden can reach the DC. |
| "Credentials rejected" | The username or password is wrong, or the account is locked/disabled. |
| "Cannot reach server" | The hostname cannot be resolved, or TCP 389/636 is blocked by a firewall. |
| "SSL certificate error" | The DC’s LDAP certificate is not trusted. See Troubleshooting. |
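To narrow down which cause in the table applies, the same checks can be run by hand from the machine where DirWarden is installed. The script below is an added example, not part of DirWarden. It assumes Windows PowerShell 5.1, the default server name is a placeholder, and the bind uses .NET's default Negotiate authentication, which may differ from how DirWarden itself binds.

```powershell
# Added example: pre-flight checks that mirror the wizard's failure results.
# The $Server and $Port defaults are placeholders; pass the values typed into the wizard.
param([string]$Server = 'dc01.corp.example.com', [int]$Port = 636)

# "Cannot reach server": separate name resolution from a blocked port.
try { $addrs = [System.Net.Dns]::GetHostAddresses($Server) }
catch { "DNS  FAIL  $Server does not resolve"; return }
"DNS  OK    $($addrs -join ', ')"

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    if (-not $tcp.ConnectAsync($Server, $Port).Wait(5000)) { throw 'timeout' }
    "TCP  OK    ${Server}:$Port"
} catch {
    "TCP  FAIL  ${Server}:$Port unreachable (firewall or service down)"
    $tcp.Dispose(); return
}

# "SSL certificate error": validate the DC certificate against this machine's
# trust store and record which policy check failed. Untrusted certs stay rejected.
if ($Port -eq 636) {
    $state = @{ Errors = $null; Subject = $null }
    $check = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $cert, $chain, $errors)
        $state.Errors  = $errors
        $state.Subject = $cert.Subject
        $errors -eq [System.Net.Security.SslPolicyErrors]::None
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $check)
    try { $ssl.AuthenticateAsClient($Server); "TLS  OK    $($state.Subject)" }
    catch { "TLS  FAIL  policy errors: $($state.Errors) for '$($state.Subject)'"; return }
    finally { $ssl.Dispose() }
}
$tcp.Dispose()

# "Credentials rejected": bind with the service account (Negotiate, the .NET default).
Add-Type -AssemblyName System.DirectoryServices.Protocols
$cred = Get-Credential -Message 'DirWarden service account'
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
$ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred.GetNetworkCredential())
$ldap.SessionOptions.SecureSocketLayer = ($Port -eq 636)
try { $ldap.Bind(); 'BIND OK' }
catch { "BIND FAIL  $($_.Exception.GetBaseException().Message)" }
finally { $ldap.Dispose() }
```

A TLS result of RemoteCertificateChainErrors means the issuing CA is not trusted on this machine, while RemoteCertificateNameMismatch means the name you entered is not one of the names in the DC's certificate.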
Step 3 — Save and continue
Once the test passes, click Next to proceed to the Operator roles step.
The connection settings are saved to %AppData%\DirWarden\preferences.json. You can change them later in Settings → Domain connection.
Changing the connection after setup
- Open Settings (gear icon in the top-right corner).
- Go to Domain connection.
- Update the fields and click Test & save.
DirWarden reconnects immediately; no restart is required.