Concept
Domains
A Building Operation domain contains user accounts, user account groups, software permissions, workspaces, and one or several SmartStruxure servers. The SmartStruxure server that hosts and administers the domain is called the domain controller.
Normally, a user account or user account group that is a member of a domain that hosts several Building Operation servers has access to all servers within the domain without additional logon. The user account or user account group can have restricted path permissions preventing the user to access the servers.
You can set up domains in several ways. You can have a communication domain that only contains Building Operation servers and another domain that contains users, workspaces, and software permissions. Or you can have a combined domain that manages both servers and users.
A Building Operation server can belong to more than one domain.
For example, a Building Operation system consists of two domains, the Inner City domain and the Outer city domain. The user Larry has a user account in the Inner City domain. The Inner City domain contains several Enterprise Servers and Automation Servers. One of the Automation Servers belongs to both the Inner City domain and the Outer City domain. Larry cannot access the servers in the Outer City domain, except for the shared Automation Server.
You cannot change the name of a domain that is shared between SmartStruxure servers.
Windows Active Directory Domain
If your domain controller is within a network that has a Windows Active Directory, you can establish a connection between your Building Operation domain and the Windows Active Directory. This connection enables inherited user account groups from the Windows Active Directory to Building Operation, and allows users to log on to WorkStation with their Windows user accounts.
Do not name a Building Operation domain with the same name as any Windows domain in your network. A Building Operation domain and a Windows domain in your network that are named in the same way can cause conflicts when you use an integrated Windows log on for the domains in the Building Operation system.
If the Windows Active Directory name is changed, you have to manually update the change in Building Operation.
Building Operation supports Fully Qualified Domain Name (FQDN) and NetBIOS name. The NetBIOS name is displayed in the Log on screen even if FQDN is used as a log on method.
Server Local Domain
By default, all servers have a local domain that includes a local administrator account, administrator user account group, and administrator workspace. The local domain of a server cannot hold a Building Operation multiserver system. When logging on to the local domain of a server, you access only the unique server.
A local domain and its content cannot be deleted, edited or include other Building Operation servers.
On a Local domain, you cannot view bound values from a SmartStruxure server higher or on the same tier in the Building Operation hierarchy.
Administration Accounts in Server Local Domain
You can manage user accounts on a domain controller by logging on to the local domain of the SmartStruxure server, using the local administrator and local reports administrator accounts.
For more information, see Administration Accounts in SmartStruxure Server Local Domain .
Assigning a SmartStruxure Server Device to a Domain
Creating and Configuring a Domain
Domains
SmartStruxure Server Communication
User Account Management Overview
Administration Accounts in SmartStruxure Server Local Domain
SmartStruxure Server Overview