Supported Servers for Realms

You can configure realms to connect to the following types of servers, providing they have TCP/IP access from the Cisco Defense Orchestrator:

Note the following about your server group configurations:

• To perform user control on user groups or on users in groups, you must configure user groups on the LDAP or Active Directory server.

• Group names cannot start with S- because it is used internally by LDAP.

  Neither group names nor organizational unit names can contain special characters like asterisk (*), equals (=), or backslash (\); otherwise, users in those groups or organizational units are not downloaded and are not available for identity policies.

• To configure an Active Directory realm that includes or excludes users who are members of a sub-group on your server, note that Microsoft recommends that Active Directory has no more than 5000 users per group in Windows Server 2012. For more information, see Active Directory Maximum Limits—Scalability on MSDN.

  If necessary, you can modify your Active Directory server configuration to increase this default limit and accommodate more users.

• To uniquely identify the users reported by a server in your Remote Desktop Services environment, you must configure the Cisco Terminal Services (TS) Agent. When installed and configured, the TS Agent assigns unique ports to individual users so the system can uniquely identify those users. (Microsoft changed the name Terminal Services to Remote Desktop Services.)

  For more information about the TS Agent, see the Cisco Terminal Services (TS) Agent Guide.