Subscribe

Adding AD user to a Role

I have just installed SnapCenter 1.0P1. I'm attempting to add users to roles under the Administration page.  I plug in the domain into the domain field, then hit find. I then go down to the User field and start typing my username, and nothing populates.  The find button has the ever circulating circle of dots.  Not sure what I'm doing wrong. I'm following the directions found on page 20 of https://library.netapp.com/ecm/ecm_download_file/ECMP12392446.  I have tried it within Chrome, IE, and Firefox.

 

Any help or insight would be greatly welcomed.

Re: Adding AD user to a Role

I'm having a similar issue.  After 6 or 7 minutes, the circle finally stops spinning and I can poulate it with either a user or group from AD.  However, after adding either a group or a user directly, I am unable to log into SnapCenter with this newly added user.  I get this message (An error (1301) occured while enumerating the groups.  The group's SID could not be resolved.)  Any help that you could provide in this are would be great!

 

Jason Jenkins

jjenkins@bechtel.com

Re: Adding AD user to a Role

Please open a support request for this.

 

We haven't encountered this error yet and we need to troubleshoot this through the support channels to determine the issue.

 

Sorry for the inconvenience!

 

John

Re: Adding AD user to a Role

Did you have any luck getting this resolved?

 

I get a similar error during login of an AD user added to the SnapCenterAdmin role.

 

"An error occurred while enumerating the groups. The group could not be found."

Re: Adding AD user to a Role

Has anyone opened a support request on this?

 

If so I can get engineering to take a look and help resolve.

Otherwise I can't assist since I can't replicate the issue in my environment.

 

Support will gather all the necessary logs and help, but with a case number I can ask for additional help.

 

Feel free to email me your case# at: spinks at netapp dot com.

 

Thanks,

 

John

Re: Adding AD user to a Role

Hi coreywanless,

 

After you enter the domain name or Ipaddress of the domain and click "find", does it error out or just it keep spinning?

can you do one this do ping domainname or ping domainname ipaddress from the machine?

If its pings it should resolve the AD in SnapCenter Create Role.

 

Else you can try to modify the Network setting and add Prefered DNS to the one which your tyring to resolve. 

 

I`m suspecting its not able to resolve the AD.

 

Let me know if its work. else we can have a webex session.

 

thanks

Neeraj Dey

Re: Adding AD user to a Role

Hi Coreywanless,

 

Thanks for the posting. one clarification...


After typing Domain Name and hit Find in the administration page , if there is validation message/error like 'Could not get user or group.the server could not be contacted'.

In that case, can you please make sure that Domainname/IP is ping/resolve from snapcenterServer.?

 

Please let us know. Appreciate your help

 

Regards,

Jay

Re: Adding AD user to a Role

Hi Jason Jenkins and Jordan


Couple of quries..

 

If user or group can be added to a role, then while log in if there is an error like '1301 could not enumerate groups..groups SID could not be resolved' in that case ,

 

could you please let us know the
   

     a) SnapcenterServer OS (2008R2 or 2012 Server etc..)

     b) DomainController (2003 or 2012 etc..)

 

Your help will be highly appreciated.

 

Regards,

 

Jay

 

This is just for clarifying

SnapcenterServer support 2012 Server, but in case the Server is 2008 or 2008 R2 and the domain controller is 2012, there is a hot fix from Microsoft
to map SID's

 

https://support.microsoft.com/en-us/kb/2830145


 

Re: Adding AD user to a Role

I am able to add users/groups from my AD  to the role members within SnapCenter administration. My issue occurs when trying to login as any of those added AD users.

 

DC OS: Win 2012R2

SnapCenter Server OS: Win 2012R2

 

FYI, opened a case for this Friday. Will hopefully catch up with support today.

Re: Adding AD user to a Role

Hi 

 

the error your getting is because your domain group does not have mapping .

error code from Microsoft:

 

ERROR_SOME_NOT_MAPPED

1301 (0x515)

Some mapping between account names and security IDs was not done.

 

 

Can you try the below on Domain Controller:

1. Open "Active directory users and computers" under users--> create new group 

2. after create a new group check the properties for the new group and under properties check object tab--> it should list "cononical name of object:"

3. add a user to the group.

 

Now login in to SnapCenter and create a new role and access the domain name --> click find(it should resolve if machine is joined to the domain properly, you can do nslookup localhost)

and then select the group(if the domain get resolve in Snapcenter Adding new Role wizard it should list groups).