To add or modify a Domain Controller:
- In the WebUI, click the Settings tab.
- In the left navigation pane, go to Auth and Directory Services > Active Directory > Domain Controllers.
Modifying Domain Controller Properties
- Click the expand icon next to the entry you wish to modify.
- Edit the entry properties as required (see details below).
Adding a Domain Controller
Click the Add Domain Controller icon at the top of the Domain Controllers Table page.
Domain Controller - Field Definitions
DC Enabled
Enables or disables the domain controller:
- True (default). Enables the domain controller.
- False. Disables the domain controller.
Domain Controller Address
Specifies an IP address or Fully Qualified Domain Name (FQDN) of the Domain Controller. Valid entries include IPv4 address, IPv6 address, or FQDN.
DC Type
Specifies the type of domain controller, either Authentication, Call Route, or On Premises:
- Authentication. Authenticates user log-ins.
- Call Route. Supplies call routing information.
- On Premises. Notifies AD that it will be looking up On Premise; this enables the user to enter data to narrow the search scope, and allows the proper user records to be retrieved quickly from the AD server.
Search Scope
Specifies the tree location in Active Directory to use as the starting point for search queries or authentication requests.
LDAP Query
Applies a filter to the Search Scope to limit the number of active directory users included in the cache. This field applies only when Call Route is selected from DC Type.
Wildcards are not recommended anywhere except at the end of the LDAP query string.
Server Timeout
NOTE: This field applies to Release 5.0.2 and later.
Sets the LDAP timeout, which is used to query the external Domain Controller during cache refreshes and other activity. At any point, if the Domain Controller does not respond within the timeout period, the current operation is aborted and an alarm is raised. This value should be adjusted only when it has been determined that timeouts are occurring.
Valid entry: 5 to 15 seconds.
If a timeout is encountered during an AD cache refresh, the SBC attempts to load the cache for that DC from the backup file representing the last successful cache refresh. If successful, the partial cache collected prior to the timeout is discarded since it contains incomplete records. The AD Cache Status field is updated to Backup (in the Domain Controller Status window) and an alarm is still sent to inform the administrator that a timeout was encountered.
If the SBC is unable to load the cache from the last backup (no backup file present), the partial information collected thus far will be retained, and in this case, the SBC will not have a complete set of records. The AD Cache Status field is updated to Incomplete (in the Domain Controller Status window). See Managing Domain Controllers.
User Name
Specifies the user name (BindDN) to use for querying the Active Directory. The user name must be either the sAMAccountName or the UPN.
Enter/Confirm Password
Specifies a new password (BindPW) to use for querying the Active Directory.
DC Role
Specifies whether the DC is primary or backup. This field appears only when the DC Type is Call Route.
- Primary (default). This is the primary DC.
- Backup. This DC is the backup of the primary DC. The SBC uses the backup DC for call routing only when the primary DC is down.
Primary DC
Specifies which DC is the primary DC. This field appears only when the DC Role is Backup.
DC Priority
Specifies the priority ranking of the domain controller for Active Directory queries and is based on domain controller type.
Specifies the order in which the AD queries the domain controllers. Both authentication and call routing domain controllers start at priority 1 (highest) and both may have priority 1.
For Authentication DCs: For two authentication Domain Controllers, only the Priority 1 DC is used unless that DC is down (in which case the Priority 2 DC is used).
For Call Route DCs: For five Call Route Domain Controllers, all DCs are queried in the order of configured priority, until a successful result is obtained.
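The following is an added example, not part of the product or its documentation: a pre-check that lints a planned Domain Controller entry against the field definitions above before it is typed into the WebUI. The dictionary keys and function names are hypothetical, the wildcard rule is interpreted as "a `*` may only be the last character of an attribute value", and the sAMAccountName check uses Active Directory's usual 20-character and reserved-character limits.

```python
import ipaddress
import re

# Dict keys are hypothetical names for the WebUI fields; rules follow the field definitions.
FQDN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")
SAM_BAD = set('"/\\[]:;|=,+*?<>')  # characters AD rejects in a sAMAccountName
DC_TYPES = {"Authentication", "Call Route", "On Premises"}

def valid_address(addr):
    try:
        ipaddress.ip_address(addr)  # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        return bool(FQDN_RE.match(addr))

def valid_bind_user(name):
    if "@" in name:  # UPN form: user@suffix
        user, _, domain = name.partition("@")
        return bool(user) and bool(domain) and " " not in name
    return 0 < len(name) <= 20 and not (set(name) & SAM_BAD)

def misplaced_wildcards(ldap_filter):
    """Return attr=value items whose value has '*' anywhere but its last character."""
    # Assumption: "end of the query string" is read as the end of each attribute value.
    items = re.findall(r"\(([^()=<>~]+)[<>~]?=([^()]*)\)", ldap_filter)
    return [f"{a}={v}" for a, v in items if "*" in v[:-1]]

def lint_dc_entry(e):
    """Return findings for one Domain Controller entry; an empty list means clean."""
    out = []
    if not valid_address(e["address"]):
        out.append("address: not an IPv4 address, IPv6 address, or FQDN")
    if e["dc_type"] not in DC_TYPES:
        out.append("dc_type: not Authentication, Call Route, or On Premises")
    t = e.get("server_timeout")
    if t is not None and not 5 <= t <= 15:
        out.append("server_timeout: outside 5 to 15 seconds")
    if not valid_bind_user(e["user_name"]):
        out.append("user_name: not a sAMAccountName or UPN")
    if e.get("ldap_query"):
        if e["dc_type"] != "Call Route":
            out.append("ldap_query: applies only when DC Type is Call Route")
        out += [f"ldap_query: wildcard not at end in {w}" for w in misplaced_wildcards(e["ldap_query"])]
    if e.get("dc_role") == "Backup" and not e.get("primary_dc"):
        out.append("primary_dc: required when DC Role is Backup")
    return out
```

A bind name given as a distinguished name or in `DOMAIN\user` form is flagged, since the User Name field accepts only the sAMAccountName or UPN.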