The Sonus SBC 1000/2000 system acts as an Active Directory client. By default, the Sonus SBC 1000/2000 is able to obtain any readable field in the Active Directory.
Accessing Active Directory
Accessing AD values requires that we have an account with credentials on the particular domain to be queried. Anonymous binds to AD are typically not supported by the domain controller. Administrators are required to create a new user in their system (following standard Active Directory add user practices), preferably one whose credentials never expire, and configure these credentials in Sonus SBC 1000/2000. Sonus SBC 1000/2000 will use these configured credentials when communicating with AD.
If for some reason the Active Directory server is unreachable, access to Sonus SBC 1000/2000 will fall back to local-only.
Active Directory Queries and Domain Membership Requirements
Domain membership is not required for the Sonus SBC 1000/2000 to query Active Directory. It is important to note that Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data. The configuration requires the domain controller's IP address to be specified. Multiple domain controllers can be configured. The list will be traversed in order if any of the former entries fail to bind. If all the IPs are unreachable or fail to bind, the Sonus SBC 1000/2000 will retry the bind at one minute intervals.
The Sonus SBC 1000/2000 supports multiple domains within the same AD forest. That way the domains have internal trust and hence, the Sonus SBC 1000/2000 can access them with the same user. If mapping to a domain group in a specific domain is required, you need to create a group with a unique group name in that specific domain, so that you can map to that group. If the group name is not unique, the Sonus SBC 1000/2000 is going to query each domain controller for the same group.
Global Catalog binds are not supported. Only LDAP binds are used to query and collect Active Directory data.
In case a user group is configured under multiple authorization modes, the highest authorization level is used. For example, if a user belongs to multiple groups with authorization levels Administrator and Read Only, the user will be authorized as an Administrator.