Active IQ Unified Manager Discussions

Using AD security groups when defining user roles

KENBUNCE0
5,064 Views

I am running OnCommand Core 5.2 and I was wondering the following: Can an Active Directory group be used to define a group of administrators instead of adding each individual user?

1 ACCEPTED SOLUTION

kryan
5,064 Views

Hi Ken,

You can find a very detailed thread on this topic posted within this community:

https://communities.netapp.com/message/88788

Thanks,

Kevin

View solution in original post

4 REPLIES 4

kryan
5,064 Views

Hello,

Per the UM 5.1RC1 Admin Guide page 66 https://library.netapp.com/ecm/ecm_download_file/ECMP1153167 , Active Directory groups can be added as DFM admins.

Active Directory user group accounts

The DataFabric Manager server recognizes two types of users namely Administrator and User, thereby allowing domain administrators the ability to define roles based on a company’s organizational hierarchy.

To set up administrator accounts as a user group, use the following naming convention:  <AD domain>\group_dfmadmins .

In this example, all administrators who belong to group_dfmadmins can log in to the DataFabric Manager server and inherit the roles specified for that group.

Thanks,

Kevin

KENBUNCE0
5,064 Views

Kevin,

This has been helpful however I am still experiencing issues. I have a Linux box hosting my DFM. What is the recommended configuration? I am able to read single AD users without issue however AD groups are translated with their AD CN when posted on the web page but I am not getting any group membership recognized.

kryan
5,065 Views

Hi Ken,

You can find a very detailed thread on this topic posted within this community:

https://communities.netapp.com/message/88788

Thanks,

Kevin

KENBUNCE0
5,064 Views

Thank you, Kevin - that thread solved my issue.

Public