earth_america
user_standard Log on
action_search_stroke
earth_america
Log on to rate and give feedback 1 2 3 4 5 Log on to rate
0
How to

How to


Products: Automation Server, AS-B, Enterprise Server, AS-P, Virtual Project Servers
Functionalities: User Management
Product version: 1.9
12/14/2016

Creating and Configuring a Domain

You create a domain to group SmartStruxure servers, users, and user groups in one domain so that all users and user groups of the domain have access to all SmartStruxure servers within the domain. You can connect the domain to a Windows Active Directory domain to make user accounts from the Windows Active Directory accessible to Building Operation, and to allow users to log on to WorkStation with their Windows user account.

Show More
action_close

A Building Operation domain contains user accounts, user account groups, software permissions, workspaces, and one or several SmartStruxure servers. The SmartStruxure server that hosts and administers the domain is called the domain controller.

Normally, a user account or user account group that is a member of a domain that hosts several Building Operation servers has access to all servers within the domain without additional logon. The user account or user account group can have restricted path permissions preventing the user to access the servers.

You can set up domains in several ways. You can have a communication domain that only contains Building Operation servers and another domain that contains users, workspaces, and software permissions. Or you can have a combined domain that manages both servers and users.

Note:

A Building Operation server can belong to more than one domain.

For example, a Building Operation system consists of two domains, the Inner City domain and the Outer city domain. The user Larry has a user account in the Inner City domain. The Inner City domain contains several Enterprise Servers and Automation Servers. One of the Automation Servers belongs to both the Inner City domain and the Outer City domain. Larry cannot access the servers in the Outer City domain, except for the shared Automation Server.

 
action_zoom_plus_stroke Building Operation domain and its components.
Figure: Building Operation domain and its components.
Note:

You cannot change the name of a domain that is shared between SmartStruxure servers.

Windows Active Directory Domain

If your domain controller is within a network that has a Windows Active Directory, you can establish a connection between your Building Operation domain and the Windows Active Directory. This connection enables inherited user account groups from the Windows Active Directory to Building Operation, and allows users to log on to WorkStation with their Windows user accounts.

Do not name a Building Operation domain with the same name as any Windows domain in your network. A Building Operation domain and a Windows domain in your network that are named in the same way can cause conflicts when you use an integrated Windows log on for the domains in the Building Operation system.

Important:

If the Windows Active Directory name is changed, you have to manually update the change in Building Operation.

Building Operation supports Fully Qualified Domain Name (FQDN) and NetBIOS name. The NetBIOS name is displayed in the Log on screen even if FQDN is used as a log on method.

Server Local Domain

By default, all servers have a local domain that includes a local administrator account, administrator user account group, and administrator workspace. ​The local domain of a server cannot hold a Building Operation multiserver system. When logging on to the local domain of a server, you access only the unique server.

A local domain and its content cannot be deleted, edited or include other Building Operation servers.

Important:

On a Local domain, you cannot view bound values from a SmartStruxure server higher or on the same tier in the Building Operation hierarchy.

Administration Accounts in Server Local Domain

You can manage user accounts on a domain controller by logging on to the local domain of the SmartStruxure server, using the local administrator and local reports administrator accounts.

For more information, see Administration Accounts in SmartStruxure Server Local Domain .

To create and configure a domain
  1. In WorkStation, on the Tools menu, click Control Panel .

  2. On the Control Panel toolbar, select the SmartStruxure server.

     
    action_zoom_plus_stroke
  3. Click Domain .

  4. Click Add .

     
    action_zoom_plus_stroke
  5. In the Name box, type a name for the domain.

    Do not name a Building Operation domain with the same name as any Windows domain in your network. A Building Operation domain and a Windows domain in your network that are named in the same way can cause conflicts when you use an integrated Windows log on for the domains in the Building Operation system.

     
    action_zoom_plus_stroke
  6. In the Description box, type a description for the domain.

  7. Click Next .

  8. In the Windows domain name box, type the name of a Windows Active Directory domain to connect the domain to a Windows domain.

     
    action_zoom_plus_stroke
  9. Click Next .

  10. In the Available Servers box, select the SmartStruxure servers that you want to connect to the domain.

     
    action_zoom_plus_stroke
    Note:
    • The Domain Members page appears only if there are any SmartStruxure servers available to connect to the domain.

  11. Click the Add button

     
    action_zoom_plus_stroke
    .

  12. Click Next .

  13. In the Maximum logon attempts box, enter the number of failed logon attempts allowed for users belonging to the domain before their user accounts are temporarily disabled.

     
    action_zoom_plus_stroke
  14. Click Create .

  • Domains
  • Domain Wizard – Authentication Page
  • Domain Wizard – Domain Policies Page
  • Creating and Configuring a Domain
  • Editing the Description of a Domain
  • Editing the Maximum Logon Attempts
  • Assigning a SmartStruxure Server Device to a Domain
  • Removing a SmartStruxure Server Device from a Domain
  • Deleting a Domain