ADUserSearchBase

Relevant when Windows Security Integration is in use and logons are slow because the user is a member of a large number (>100) of AD security groups.

Use this information only when absolutely necessary, in the circumstance noted. As a side effect, external changes to the AD, such as renaming an OU specified in a search base, will cause all AD logons for VTScada to fail.

Use this property to restrict the AD LDAP queries for the user to a particular portion of the AD LDAP tree, using LDAP syntax. For example, "ADUserSearchBase = OU=SCADA, dc=example, dc=com" restricts that particular search to the SCADA OU in the example.com domain.

In a larger AD configuration, search queries may be more prone to timing out as they are performed recursively on each folder. Consider using multiple OU naming statements to narrow the scope of the search. For example, if security groups are stored under "/SCADA/def/groups" within the example.com domain, the query syntax should be:

'ADUserSearchBase = "OU=groups, OU=def, OU=SCADA, dc=example, dc=com"'

Note that the OU names must be listed in order from the lowest directory to the highest.
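
The path-to-search-base conversion described above, as an added example in Python (not VTScada code; the function names and the sample account DNs are constructed). It goes slightly beyond the text by escaping OU names per RFC 4514 and by listing which account DNs would fall outside a proposed base, on the assumption that the restricted query does not return objects outside that subtree.

```python
# Added example, not VTScada code. Names and sample DNs are constructed.
_SPECIAL = set('"+,;<>\\')  # RFC 4514: escape these anywhere in a value

def escape_rdn_value(value):
    """Escape one OU name so it can be embedded in a DN (NUL not handled)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in _SPECIAL or edge else ch)
    return "".join(out)

def build_search_base(ou_path, dns_domain):
    """'/SCADA/def/groups' + 'example.com' -> DN listed lowest OU first."""
    ous = [p for p in ou_path.split("/") if p]
    labels = [p for p in dns_domain.split(".") if p]
    if not ous or not labels:
        raise ValueError("need at least one OU and one domain label")
    rdns = ["OU=" + escape_rdn_value(ou) for ou in reversed(ous)]
    rdns += ["dc=" + label for label in labels]
    return ", ".join(rdns)  # ", " separator as written on this page

def split_dn(dn):
    """Split on unescaped commas; drop padding after each comma; fold case."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2  # keep an escaped pair intact
        elif dn[i] == ",":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return [p.lstrip().lower() for p in parts + [cur]]

def outside_base(object_dns, base):
    """Return the DNs that do not sit under `base` (subtree comparison)."""
    b = split_dn(base)
    return [dn for dn in object_dns if split_dn(dn)[-len(b):] != b]

# Constructed sample account DNs, as a directory export might list them.
SAMPLE_USERS = [
    "CN=Operator One,OU=Operators,OU=SCADA,DC=example,DC=com",
    "CN=Smith\\, Pat,OU=SCADA,DC=example,DC=com",
    "CN=Contractor,OU=Vendors,DC=example,DC=com",
]

if __name__ == "__main__":
    base = build_search_base("/SCADA", "example.com")
    print("ADUserSearchBase =", base)
    print("not under search base:", outside_base(SAMPLE_USERS, base))
```

Running the same comparison against the real account list before importing the setting shows which logons the new search base would leave out, and repeating it after any OU rename catches the failure mode noted above.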

 

Section: <SecurityManager-Admin>

Default: ADUserSearchBase =

 

Hidden section property. Must be edited within the file (Settings.Dynamic), not in the user interface. Ensure that you import file changes after editing any of the property files.

 

Related properties: ADUserSearchBase | ADGroupSearchBase | ADRefreshPeriod