BloxOne Universal DDI provides the capability for importing Microsoft Active Directory (AD) DNS and IPAM/DHCP objects into the Cloud Services Infoblox Portal by copying them into a dedicated IP Space / DNS view, so you can manage, view, and monitor all DNS objects from a single consolidated read-only location. The connectivity requirements are available at Active Directory Connectivity Requirements.

BloxOne Universal DDI also provides the capability for one-way synchronization from Microsoft Active Directory to Cloud Services Infoblox Portal. For more information, see Active Directory-Integrated DNS Zones.

The BloxOne DDI Microsoft Active Directory integration feature has a limitation of 20000 DNS records in total. A single zone can contain 7000 records.

Integration with Active Directory enables you to do the following:

  • Synchronize public zones, private zones, and records from AD to BloxOne Universal DDI. Zones synced from AD are read-only. All records supported by BloxOne Universal DDI and Active Directory can be imported into BloxOne Universal DDI.

  • View AD-hosted zones and records through the Infoblox Cloud Services Portal.

  • Sync AD DNS data (as read-only) to BloxOne DDI.

  • Synchronize Active Directory IPAM data (scope, range, and fixed address) to an IP space in Infoblox Portal.

  • Synchronize DHCP options defined in Active Directory to Infoblox Portal. The synchronized DHCP options are read-only. The DHCP options from Active Directory will be reconciled and stored in a custom option space. The DHCP option items specified for each subnet will be mapped with each IPAM object and will be available under the respective object on the IPAM page.

The following diagram illustrates how to leverage the Active Directory integration feature. To integrate AD with BloxOne Universal DDI, complete the following steps:

  1. Go to Admin > Credentials, and configure Microsoft Active Directory Credentials. For more information, see Creating Active Directory Credentials.

  2. Go to DNS > Third Party DNS Providers, and configure AD as a third-party DNS provider. For more information, see Configuring Third Party DNS Providers.

  3. Go to IPAM/DHCP > Third Party IPAM Providers, and configure AD as a third-party IPAM provider. For more information, see Configuring Third Party IPAM Providers.

Before creating a Third Party IPAM Provider, enable the MS AD Sync service. For more information, see Creating Services.

Go to Admin then Credentials, and configure AD credentials. Go to DNS then Third Party DNS Providers, and configure AD as a third-party DNS provider. Go to IPAM-DHCP then Third Party IPAM Providers, and configure AD as a third-party IPAM provider. Transfer DNS-IPAM data. Perform one-way synchronization between AD and CSP. The host is installed behind the firewall.

Universal DDI may skip the following options or show an error during reconciliation with an appropriate message:

  • Option code 81/43

  • Option code 121 "Classless static routes"

  • Option code of "binary" type

  • Option code of "Text" type accepting multiple values.
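
A pre-sync check for the record limits and the skipped DHCP options described on this page, as an added example (not Infoblox code) that runs on the Windows DNS/DHCP server using the DnsServer and DhcpServer modules. It assumes the page's "binary" and "Text" types correspond to the Windows option types `BinaryData`/`EncapsulatedData` and `String`, and that the server's own record count approximates what the sync counts; the variable names are illustrative.

```powershell
# Added example: pre-sync check run on the AD DNS/DHCP server (not Infoblox tooling).
# Requires the DnsServer and DhcpServer modules.
$TotalLimit  = 20000        # total DNS record limit stated on this page
$ZoneLimit   = 7000         # per-zone record limit stated on this page
$ListedCodes = 43, 81, 121  # option codes this page lists as skipped or reported

# DNS: count records per hosted zone. Assumption: the server's own count
# approximates what the sync counts; treat results near a limit as a warning.
$zones = Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -ne 'Forwarder' }
$counts = foreach ($z in $zones) {
    $n = @(Get-DnsServerResourceRecord -ZoneName $z.ZoneName).Count
    [pscustomobject]@{ Zone = $z.ZoneName; Records = $n; OverZoneLimit = ($n -gt $ZoneLimit) }
}
$total = [int]($counts | Measure-Object -Property Records -Sum).Sum
$counts | Sort-Object Records -Descending | Format-Table -AutoSize
if ($total -gt $TotalLimit) { Write-Warning "Total DNS records: $total, above $TotalLimit" }

# DHCP (IPv4): collect option values set at server level and per scope.
$defs = @{}
Get-DhcpServerv4OptionDefinition | ForEach-Object { $defs[[int]$_.OptionId] = $_ }
$used = @(Get-DhcpServerv4OptionValue -All |
    Select-Object OptionId, Name, @{ n = 'Source'; e = { 'server' } })
foreach ($s in Get-DhcpServerv4Scope) {
    $used += @(Get-DhcpServerv4OptionValue -ScopeId $s.ScopeId -All |
        Select-Object OptionId, Name, @{ n = 'Source'; e = { "$($s.ScopeId)" } })
}

# Flag values matching the page's list. Assumption: "binary" maps to the Windows
# types BinaryData/EncapsulatedData and "Text" maps to String.
$flagged = foreach ($v in $used) {
    $d = $defs[[int]$v.OptionId]
    $reason = $null
    if ($v.OptionId -in $ListedCodes) { $reason = 'listed option code' }
    elseif ($d -and "$($d.Type)" -in 'BinaryData', 'EncapsulatedData') { $reason = 'binary type' }
    elseif ($d -and "$($d.Type)" -eq 'String' -and $d.MultiValued) { $reason = 'multi-valued text' }
    if ($reason) {
        [pscustomobject]@{ Source = $v.Source; OptionId = $v.OptionId; Name = $v.Name; Reason = $reason }
    }
}
$flagged | Sort-Object Source, OptionId | Format-Table -AutoSize
```

The script only reads from the server, so it can run under the same read-level account used for the sync credentials; flagged rows are the options to expect as skipped or reported during reconciliation.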

You can perform the following actions:

...