Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 209
15.4 User accounts in Active Directory — domain mapping
209
Use buttons Add or Edit to open a dialog for a new domain definition and enter parameters of
the mapped domain. For details, see above (Primary domain mapping and Advanced options).
Collision of Active Directory with the local database and conversion of accounts
During Active Directory domain mapping, collision with the local user database may occur if
a user account with an identical name exists both in the domain and in the local database. If
multiple domains are mapped, a collision may occur only between the local database and the
primary domain (accounts from other domains must include domain names which make the
name unique).
If a collision occurs, a warning is displayed at the bottom of the User Accounts tab. Click
on the link in the warning to convert selected user accounts (to replace local accounts by
corresponding Active Directory accounts).
Figure 15.15
Conversion of user accounts
The following operations will be performed automatically within each conversion:
•
substitution of any appearance of the local account in the WinRoute configuration (in
traffic rules, URL rules, FTP rules, etc.) by a corresponding account from the Active
Directory domain,
•
removal of the account from the local user database.
Accounts not selected for the conversion are kept in the local database (the collision is still
reported). Colliding accounts can be used — the accounts are considered as two independent
accounts. However, under these circumstances, Active Directory accounts must be always
specified including the domain (even though it belongs to the primary domain); username
without the domain specified represents an account belonging to the local database. However,
as long as possible, it is recommended to remove all collisions by the conversion.
Note: In case of user groups, collisions do not occur as local groups are always independent
from the Active Directory (even if the name of the local group is identical with the name of the
group in the particular domain).