86 DOMINION KX II USER G UIDE8. DN of administrative User. Distinguished Name of administrative user; consult yourauthentication server administrator for the appropriate values to type into this field. Anexample DN of administrative User value might be:“cn=Administrator,cn=Users,dc=testradius,dc=com”.9. User Search DN. This describes the name you want to bind against the LDAP, and where inthe database to begin searching for the specified Base DN. An example Base Search valuemight be: “cn=Users,dc=raritan,dc=com”. Consult your authentication server administratorfor the appropriate values to enter into these fields.10. Type of external LDAP server. Select from among the options available:• Generic LDAP Server.• Microsoft Active Directory. Active Directory is an implementation of LDAP directoryservices by Microsoft for use in Windows environments.11. Active Directory Domain. Type the name of the Active Directory Domain.Returning User Group Information from Active Directory ServerThe Dominion KX II supports user authentication to Active Directory (AD) without requiring thatusers be defined locally on the KX II. This allows Active Directory user accounts and passwordsto be maintained exclusively on the AD server. Authorization and AD user privileges arecontrolled and administered through the standard KX II policies and user group privileges (thatare applied locally to AD user groups).Note: If you are an existing Raritan, Inc. customer, and have already configured the ActiveDirectory server by changing the AD schema, Dominion KX II still supports this configuration,and you do not need to perform the following operations. Please refer to Appendix B: Updatingthe LDAP Schema for information about updating the AD LDAP schema.To enable your AD server on the Dominion KX II:1. Using Dominion KX II, create special groups and assign proper permissions and privileges tothese groups. For example, create groups such as: KVM_Admin, KVM_Operator.2. On your Active Directory server, create new groups with the same group names as in theprevious step.3. On your AD server, assign the Dominion KX II users to the groups created in step 2.4. From the Dominion KX II, enable and configure your AD server properly. Please refer toImplementing LDAP Remote Authentication.Important Notes:• Group Name is case sensitive.• The Dominion KX II provides the following default groups which can not been changedor deleted: Admin and . Please verify that your Active Directory server doesnot use the same group names.• If the group information returned from the Active Directory server does not match a KXII group configuration, the Dominion KX II automatically assigns the group of to users who authenticate successfully.