beautypg.com

Domain controller computers, Object classes – Dell KVM 2321DS User Manual

Page 156

background image

140

LDAP Feature for the Remote Console Switch

Domain Controller Computers

Associated with the Domain hierarchy is the corresponding hierarchy of

Domain Controller computers where AD provides LDAP services. Each

domain may have multiple peer Domain Controllers and may also be

distributed across geographical sites. The suite of Dell Remote Console

Switches is designed to support both of these aspects of AD. DNS is used to

determine the network coordinates of each Domain Controller so that the

Dell Remote Console Switches can gracefully handle situations where some

Domain Controllers are not available on the network. DNS SRV records are

used for this purpose so the Dell Remote Console Switches always attempt to

contact alternative Domain Controllers at the “nearest” site first, depending

on the administrative settings configured in the SRV records.

Object Classes

Within each domain, there is another hierarchy of objects designed to store

information about various entities and groupings of entities. Such entities are

represented in AD by object classes used to define “containers” that help

organize groupings of objects. Other object classes represent entities such as

network users, computers, printers, or network services. Two types of

container object classes are of special interest: Group and Organizational Unit

(OU). These two object classes allow the AD administrator to define

groupings of entities for the purpose of simplifying the application of access

controls and other administrative policies. For example, a domain may be

configured to have an OU container named “Engineering” which contains

several Group objects named according to function, like “Hardware,”

“Software,” and “Support;” each of the groups is configured with a

membership list of User objects and perhaps Computer objects. Yet another

level of hierarchy can be configured by “nesting” groups; a nesting is formed

by including the name of a Group object in the membership of another

Group object. It should be noted here that each AD Group object has an

associated “scope” that is used to configure the types of nesting relationships

it is allowed to have with other groups; for example, when scope is set to

“Universal,” the group may participate in nesting that crosses domain

boundaries but when scope is set to “Local” it may not participate in such

nesting. Rules for nesting are available in the AD product documentation

available from Microsoft. The suite of Dell Remote Console Switches is

designed to support all nesting rules defined for AD.