Chapter 6: User Management111Returning User Group Information from Active Directory ServerThe Dominion KX II supports user authentication to Active Directory (AD)without requiring that users be defined locally on the Dominion KX II.This allows Active Directory user accounts and passwords to bemaintained exclusively on the AD server. Authorization and AD userprivileges are controlled and administered through the standardDominion KX II policies and user group privileges that are applied locallyto AD user groups.IMPORTANT: If you are an existing Raritan, Inc. customer, and havealready configured the Active Directory server by changing the ADschema, the Dominion KX II still supports this configuration andyou do not need to perform the following operations. See Updatingthe LDAP Schema for information about updating the ADLDAP/LDAPS schema.To enable your AD server on the Dominion KX II:1. Using the Dominion KX II, create special groups and assign properpermissions and privileges to these groups. For example, creategroups such as KVM_Admin and KVM_Operator.2. On your Active Directory server, create new groups with the samegroup names as in the previous step.3. On your AD server, assign the Dominion KX II users to the groupscreated in step 2.4. From the Dominion KX II, enable and configure your AD serverproperly. See Implementing LDAP/LDAPS Remote Authentication.Important Notes:• Group Name is case sensitive.• The Dominion KX II provides the following default groups that cannotbeen changed or deleted: Admin and . Verify that yourActive Directory server does not use the same group names.• If the group information returned from the Active Directory serverdoes not match a Dominion KX II group configuration, the DominionKX II automatically assigns the group of to users whoauthenticate successfully.• If you use a dialback number, you must enter the followingcase-sensitive string: msRADIUSCallbackNumber.• Based on recommendations from Microsoft, Global Groups with useraccounts should be used, not Domain Local Groups.