BloxOne Universal DDI provides the capability for importing Microsoft Active Directory (AD) DNS and IPAM/DHCP objects into the Cloud Services Infoblox Portal by copying them into a dedicated IP Space / DNS view, so you can manage, view, and monitor all objects from a single consolidated read-only location. The connectivity requirements are available at Active Directory Connectivity Requirements.
BloxOne Universal DDI also provides the capability for one-way synchronization from Microsoft Active Directory to Cloud Services Infoblox Portal. For more information, see Active Directory-Integrated DNS Zones.
The BloxOne DDI Microsoft Active Directory integration feature has a limitation of 20000 DNS records in total. A single zone can contain 7000 records.
Integration with Active Directory enables you to do the following:
Synchronize public zones, private zones, and records from AD to BloxOne Universal DDI. Zones synced from AD are read-only. All records supported by both BloxOne Universal DDI and Active Directory can be imported into BloxOne Universal DDI.
View AD-hosted zones and records through the Infoblox Cloud Services Portal.
Sync AD DNS data (as read-only) to BloxOne DDI.
View and manage DHCP leases and view IPAM data in Cloud Services Portal.
Synchronize Active Directory IPAM data (scope, range, and fixed address) to an IP space in Infoblox Portal.
Synchronize DHCP options defined in Active Directory to Infoblox Portal. The synchronized DHCP options are read-only. The DHCP options from Active Directory will be reconciled and stored in a custom option space. The DHCP option items specified for each subnet will be mapped with each IPAM object and will be available under the respective object on the IPAM page.
The following diagram illustrates how to leverage the Active Directory integration feature. To integrate AD with BloxOne Universal DDI, complete the following steps:
Go to Admin > Credentials, and configure Microsoft Active Directory Credentials. For more information, see Creating Active Directory Credentials.
Go to DNS > Third Party DNS Providers, and configure AD as a third-party DNS provider. For more information, see Configuring Third Party DNS Providers.
Go to IPAM/DHCP > Third Party DNS IPAM Providers, and configure AD as a third-party IPAM provider. For more information, see Configuring Third Party IPAM Providers.
Before creating a Third Party IPAM Provider, enable the MS AD Sync service. For more information, see Creating Services.
Universal DDI may skip the following options or show an error during reconciliation with an appropriate message:
Option code 81/43
Option code 121 "Classless static routes"
Option code of "binary" type
Option code of "Text" type accepting multiple values.
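A pre-sync audit of the Microsoft DHCP server can list the option definitions that fall into the categories above before reconciliation reports them. The following is an added example, not Infoblox code; the function names are hypothetical, and it assumes that "81/43" means option IDs 81 and 43 and that the "binary" and "Text" types correspond to the Microsoft DHCP definition types BinaryData and String.

```powershell
#Requires -Modules DhcpServer
# Added example: flag Microsoft DHCP option definitions that the sync may skip.
# Assumptions (not stated on the vendor page): "81/43" = option IDs 81 and 43;
# "binary" = definition type BinaryData; "Text" = definition type String.

function Get-SkipReason {
    param(
        [Parameter(Mandatory)] [int]    $OptionId,
        [Parameter(Mandatory)] [string] $Type,
        [bool] $MultiValued = $false
    )
    # Checks follow the order of the list in the documentation.
    if ($OptionId -in 81, 43)   { return "Option code $OptionId" }
    if ($OptionId -eq 121)      { return 'Option code 121 (classless static routes)' }
    if ($Type -eq 'BinaryData') { return 'Binary type' }
    if ($Type -eq 'String' -and $MultiValued) {
        return 'Text type accepting multiple values'
    }
    return $null   # no documented reason to skip this definition
}

function Find-UnsyncableDhcpOption {
    param([string] $ComputerName = $env:COMPUTERNAME)

    # Read the IPv4 option definitions from the DHCP server.
    $definitions = Get-DhcpServerv4OptionDefinition -ComputerName $ComputerName

    foreach ($def in $definitions) {
        $reason = Get-SkipReason -OptionId $def.OptionId `
                                 -Type $def.Type `
                                 -MultiValued $def.MultiValued
        if ($reason) {
            [pscustomobject]@{
                OptionId    = $def.OptionId
                Name        = $def.Name
                Type        = $def.Type
                MultiValued = $def.MultiValued
                Reason      = $reason
            }
        }
    }
}

# Report for the local DHCP server, sorted by option ID.
Find-UnsyncableDhcpOption | Sort-Object OptionId | Format-Table -AutoSize
```

Run it on the DHCP server or on a host with the DHCP Server RSAT tools installed, using an account that can read the server configuration.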
You can perform the following actions:
...