Subscribe
Accepted Solution

Using AD security groups when defining user roles

I am running OnCommand Core 5.2 and I was wondering the following: Can an Active Directory group be used to define a group of administrators instead of adding each individual user?

Re: Using AD security groups when defining user roles

Hello,

Per the UM 5.1RC1 Admin Guide page 66 https://library.netapp.com/ecm/ecm_download_file/ECMP1153167 , Active Directory groups can be added as DFM admins.

Active Directory user group accounts

The DataFabric Manager server recognizes two types of users namely Administrator and User, thereby allowing domain administrators the ability to define roles based on a company’s organizational hierarchy.

To set up administrator accounts as a user group, use the following naming convention:  <AD domain>\group_dfmadmins .

In this example, all administrators who belong to group_dfmadmins can log in to the DataFabric Manager server and inherit the roles specified for that group.

Thanks,

Kevin

Re: Using AD security groups when defining user roles

Kevin,

This has been helpful however I am still experiencing issues. I have a Linux box hosting my DFM. What is the recommended configuration? I am able to read single AD users without issue however AD groups are translated with their AD CN when posted on the web page but I am not getting any group membership recognized.

Re: Using AD security groups when defining user roles

Hi Ken,

You can find a very detailed thread on this topic posted within this community:

https://communities.netapp.com/message/88788

Thanks,

Kevin

Re: Using AD security groups when defining user roles

Thank you, Kevin - that thread solved my issue.