Modifying an AD domain

This operation enables you to modify configurations of an AD domain.

Procedure

  1. Choose Services > Object Service > AD Domain.
  2. Click More on the right of the desired AD domain and select Modify.

    The Modify AD Domain page is displayed on the right.

  3. Modify parameters for the AD domain authentication server. Table 1 describes related parameters.

    If a domain user in the AD domain has been bound to an account, ensure that the same domain user information exists in the new AD domain. Otherwise, the domain user may fail authentication when accessing the object service.

    Table 1 AD domain authentication server parameters

    Parameter

    Description

    Active Server Address

    Indicates the IP address of the active AD domain server.

    Standby IP Address 1

    Indicates the IP address of standby AD domain server 1.

    Standby IP Address 2

    Indicates the IP address of standby AD domain server 2.

    Protocol

    Indicates the protocol used by the object service to communicate with the domain server.

    • LDAP: uses the standard LDAP protocol to communicate with the domain server.

      When the LDAP protocol is used, the network communication between the object service and domain server is not encrypted, which may cause security risks. Therefore, LDAPS is recommended.

    • LDAPS: uses the LDAP over SSL (LDAPS) protocol to communicate with the LDAP server. The LDAPS protocol improves network communication security. If the domain server supports the LDAPS protocol, you are advised to select LDAPS.

    Port

    Indicates the port number used for communication between the object service and domain server.

    The default port number of the LDAP server is 389, and the default port number of the LDAPS server is 636.

    Base DN

    Indicates the root directory of the domain server, that is, the start DN of the domain server specified for searching.

    Each entry stored in the AD domain directory database has a unique identification, which uniquely identifies an object and its location in the directory tree. The identification of each entry in the database is called a distinguished name (DN). The top of the directory tree is the root directory, that is, the base DN.

    A DN consists of three attributes: cn, ou, and dc. For example, cn=Common name,ou=Organization unit,dc=example,dc=com is used to identify a user in an AD domain and dc=example,dc=com is the base DN.

    [Example]

    dc=example,dc=com

  4. Click OK.
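
The following pre-change check is an added example, not part of the product or its documentation. It reviews proposed Table 1 values for three things: the unencrypted LDAP setting, a port that contradicts the selected protocol, and bound domain users whose DN falls outside the new Base DN. The cfg keys, the bound-user list and the case-insensitive DN comparison are assumptions, and the sample values are constructed.

```python
# Added example; cfg keys and the bound-user list are assumed names, not the product's API.
DEFAULT_PORTS = {"LDAP": 389, "LDAPS": 636}  # defaults stated in Table 1


def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs; escaped commas stay intact."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    parts.append(current)
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def is_under(dn, base_dn):
    """True if dn is located at or below base_dn in the directory tree."""
    rdns, base = parse_dn(dn), parse_dn(base_dn)
    return len(rdns) >= len(base) and rdns[len(rdns) - len(base):] == base


def review(cfg, bound_user_dns):
    """Return findings for a proposed configuration; an empty list means no issue."""
    findings = []
    proto, port = cfg["protocol"], cfg["port"]
    if proto == "LDAP":
        findings.append("LDAP is not encrypted; select LDAPS if the server supports it")
    for other, default in DEFAULT_PORTS.items():
        if other != proto and port == default:
            findings.append(f"port {port} is the {other} default but protocol is {proto}")
    for dn in bound_user_dns:
        if not is_under(dn, cfg["base_dn"]):
            findings.append(f"bound user outside new Base DN: {dn}")
    return findings


# Constructed sample input: a proposed configuration and two bound domain users.
NEW_CFG = {"protocol": "LDAP", "port": 636, "base_dn": "dc=example,dc=com"}
BOUND = ["cn=Ops\\, Backup,ou=Storage,dc=example,dc=com",
         "cn=alice,ou=Lab,dc=corp,dc=example"]
```

Calling review(NEW_CFG, BOUND) returns three findings: the unencrypted protocol, port 636 paired with LDAP, and the second bound user, whose DN does not end in the new Base DN.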