User Management
637
SonicOS Enhanced 4.0 Administrator Guide
Note AD has some built-in containers that do not conform (e.g. the DN for the top level
Users container is formatted as “cn=Users,dc=…”, using ‘cn’ rather than ‘ou’) but the
SonicWALL knows about and deals with these, so they can be entered in the simpler
URL format.
Ordering is not critical, but since they are searched in the given order it is most efficient to
place the most commonly used trees first in each list. If referrals between multiple LDAP
servers are to be used, then the trees are best ordered with those on the primary server
first, and the rest in the same order that they will be referred.
Note When working with AD, to determine the location of a user in the directory for the
‘User tree for login to server’ field, the directory can be searched manually from the
Active Directory Users and Settings control panel applet on the server, or a directory
search utility such as queryad.vbs in the Windows NT/2000/XP Resource Kit can be
run from any PC in the domain.
Auto-configure – This causes the SonicWALL to auto-configure the Trees containing
users and Trees containing user groups fields by scanning through the directory/
directories looking for all trees that contain user objects. To use auto-configure, first enter
a value in the User tree for login to server field (unless anonymous login is set), and then
click the Auto-configure button to bring up the following dialog:
In the Auto Configure dialog box, enter the desired domain in the Domain to search field.
Select one of the following:
Append to existing trees – This selection will append newly located trees to the
current configuration.
Replace existing trees – This selection will start from scratch removing all currently
configured trees first.
Click OK.
The auto-configuration process may also locate trees that are not needed for user login.
You can manually remove these entries.