User guide
Query Mode (Appliance). If a group is found containing the user and target device IDs, the user is given
access to the selected target device connected to the appliance when using Query Mode (Target Device).
Groups can be nested to a maximum of 16 levels in depth. Use nesting to create groups within other
groups. For example, you may have a top-level group named Computers that contains a member named
R&D, which is a group. The R&D group may contain a member named Domestic, which is a group, and
so on.
The following is an example of groups defined in Active Directory.
Figure 5.2: Active Directory - Define Groups
Setting up Active Directory for Performing Queries
Before you can use any of the querying modes for units, you must first make changes to Active Directory so that
the selected querying mode can assign the applicable authorization level for the user.
To set up group queries:
1. Log into Windows with administrator privileges.
2. Open Active Directory software.
3. Create an organizational unit to be used as a group container.
4. Create a computer object in Active Directory with a name identical to the switching system name for
querying appliances (specified in the Appliance Overview screen of the OBWI), or identical to the attached
target devices for querying target devices. The name must match exactly, including case.
5. The appliance names and target device names used for group queries are stored in the appliance. The
appliance name specified in the Appliance Overview screen of the OBWI and target device names must
identically match the object names in Active Directory. Each appliance name and target device name may
be comprised of any combination of upper-case and lower-case letters (a-z, A-Z), digits (0-9) and hyphens (-).
You cannot use spaces and periods (.) or create a name that consists entirely of digits. These are Active
Directory constraints.
Chapter 5: LDAP 51