The SBC Edge system acts as an Active Directory client. By default, the SBC Edge is able to obtain any readable field in the Active Directory.

Accessing Active Directory

Accessing AD values requires that we have an account with credentials on the particular domain to be queried. Anonymous binds to AD are typically not supported by the domain controller. Administrators are required to create a new user in their system (following standard Active Directory add user practices), preferably one whose credentials never expire, and configure these credentials in SBC EdgeSBC Edge will use these configured credentials when communicating with AD.

 

Active Directory is always enabled by default, no licensing action is required to turn it on.

If for some reason the Active Directory server is unreachable, access to SBC Edge will fall back to local-only.

Active Directory Queries and Domain Membership Requirements

Domain membership is not required for the SBC Edge to query Active Directory. It is important to note that Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data. The configuration requires the domain controller's IP address to be specified. Multiple domain controllers can be configured. The list will be traversed in order if any of the former entries fail to bind. If all the IPs are unreachable or fail to bind, the SBC Edge will retry the bind at one minute intervals.

The SBC Edge supports multiple domains within the same AD forest. That way the domains have internal trust and hence, the SBC Edge can access them with the same user. If mapping to a domain group in a specific domain is required, you need to create a group with a unique group name in that specific domain, so that you can map to that group. If the group name is not unique, the SBC Edge is going to query each domain controller for the same group.

Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data.

In case a user group is configured under multiple authorization modes, the highest authorization level is used. For example, if a user belongs to multiple groups with authorization levels Administrator and Read Only, the user will be authorized as an Administrator.

Related Topics