AD Sites and Subnets
Overview
Micetro allows administrators to integrate Active Directory (AD) sites into the IPAM context, view subnets within these sites and add, remove, and move subnets between the sites.
Note
AD sites and subnets integration is only available when Men&Mice Central is running on a Windows server, and it is enabled by default. See General.
AD sites are only assigned to and visible in the Default
address space.
To add/remove a subnet to/from a site, the user must be assigned to a role with the Edit range properties permission set and the role applied to the object. See Access control for more details.
AD sites and subnets are displayed in the IPAM context:
subnets in the main
grid, along with all other subnets in Micetro (if any). The AD Site column displays the site the subnet belongs to.sites in a separate
grid, grouped by Forests. The Inspector box on the right displays the subnets (if any) belonging to the selected AD site.
AD Forests
To manage sites and subnets, Micetro needs to be configured with AD Forest(s).
Note
You can manage sites and subnets from multiple forests.
Adding an AD Forest
In the web application, navigate to
.Use the Add Forest action from the top bar. A dialog box displays.
- Use same Global Catalog as the Men&Mice Central server
If checked, Micetro will use the same Global Catalog server as the Men&Mice Central server is using. If you unselect this checkbox, you must specify the Global Catalog server’s FQDN or IP address in the Global Catalog Server field.
- Global Catalog Server
If you want to specify a Global Catalog server, enter the server’s FQDN or IP address in this field. (To unlock this field, the Use same Global Catalog as the MenMice Central server checkbox needs to be unchecked.)
- Use the same credentials as the Men&Mice Central server
If checked, Micetro uses the same credentials as the Men&Mice Central server when accessing the site information.
- User and Password
If you don’t want to use the default credentials for the machine running Men&Mice Central, enter the desired user name and password in these fields. (To unlock these fields, the Use the same credentials as the MenMice Central server checkbox needs to be unchecked.)
- Set as read only
If checked, users will be able to display data from Active Directory, but unable to make any modifications.
Click OK to save the changes. The forest is added and the sites belonging to the forest are displayed.
Edit AD Forest
To edit an existing AD Forest (to, for example, change the read-only status):
In the web application, navigate to
.Use the Edit AD Forest action from the top bar or the ellipsis menu.
Update the settings in the dialog box.
Click OK to save your changes.
Removing an AD Forest
To remove an AD Forest from Micetro:
In the web application, navigate to
.Select the AD Forest(s) you want to remove.
Use the Remove AD Forest action from the top bar or the ellipsis menu.
Click OK in the confirmation box to remove the Forest(s).
Reloading the Sites in an AD Forest
Data from AD Forests is synchronized by Men&Mice Central regularly. To manually synchronize forests and reload the data for sites and subnets:
In the web application, navigate to
.Select the AD Forest(s) you want to synchronize.
Use the Synchronize action from the top bar.
Click OK in the confirmation box to synchronize the Forests.
AD Subnets
View subnets in a site
To view subnets within a specific site:
In the web application, navigate to
.Select the AD Forest the site is in, or use the Quickfilter to find it by name.
Use the View networks action with the site selected from the top bar or the ellipsis menu.
This will open the
context with a filter applied to show all subnets that belong to the site.Note
You can also use the -> View button in the Inspector of the selected AD site to open the subnet view.
Moving subnets between AD sites
To add subnet(s) to a site, or move between sites:
Select the subnet(s) in the
grid.Use the Set AD Site action from the top bar or the ellipsis menu.
Set the (new) AD Site in the dropdown and click Save.
Note
Child subnets cannot be moved to a different site than the parent subnet unless the Enforce site inheritance
checkbox is unchecked in the System Settings dialog box.
Subnets whose AD site settings are inherited from a parent range will have a <AD Site Name> (inherited)
notation added.
See General.
Remove subnet from AD site
Select the subnet(s) in the
grid.Use the Remove from AD Site action from the top bar or the ellipsis menu.
Click Yes to confirm the removal.
Subnets outside of sites
To view subnets that don’t belong to any AD site:
In the web application, navigate to
.Click on the
Flat view
button (see Quickfilter) next to the Quick Filter to change the view.Sort the IP address ranges by the AD Site column in ascending order: