LDAP Feature for the Remote Console Switch
178
Domain Controller Computers
Associated with the Domain hierarchy is the corresponding hierarchy of
Domain Controller computers where AD provides LDAP services. Each
domain may have multiple peer Domain Controllers and may also be
distributed across geographical sites. The suite of Dell Remote Console
Switches is designed to support both of these aspects of AD. DNS is used to
determine the network coordinates of each Domain Controller so that the
Dell Remote Console Switches can gracefully handle situations where some
Domain Controllers are not available on the network. DNS SRV records are
used for this purpose so the Dell Remote Console Switches always attempt to
contact alternative Domain Controllers at the “nearest” site first, depending
on the administrative settings configured in the SRV records.
Object Classes
Within each domain, there is another hierarchy of objects designed to store
information about various entities and groupings of entities. Such entities are
represented in AD by object classes used to define “containers” that help
organize groupings of objects. Other object classes represent entities such as
network users, computers, printers, or network services. Two types of
container object classes are of special interest: Group and Organizational Unit
(OU). These two object classes allow the AD administrator to define
groupings of entities for the purpose of simplifying the application of access
controls and other administrative policies. For example, a domain may be
configured to have an OU container named “Engineering” which contains
several Group objects named according to function, like “Hardware,”
“Software,” and “Support;” each of the groups is configured with a
membership list of User objects and perhaps Computer objects. Yet another
level of hierarchy can be configured by “nesting” groups; a nesting is formed
by including the name of a Group object in the membership of another
Group object. It should be noted here that each AD Group object has an
associated “scope” that is used to configure the types of nesting relationships
it is allowed to have with other groups; for example, when scope is set to
“Universal,” the group may participate in nesting that crosses domain
boundaries but when scope is set to “Local” it may not participate in such
nesting. Rules for nesting are available in the AD product documentation
available from Microsoft. The suite of Dell Remote Console Switches is
designed to support all nesting rules defined for AD.