ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

Multi-admin Verify support for ADS groups

a_lehn
‎2022-09-27 04:32 AM
18,213 Views

Hi
We are currently testing the use of MAV which is supported in Ontap 9.11.1x.

As I see it, it is only possible to create local users as approvers, does anyone know if there will be support for using AD groups as  a approvers. ?


The idea is via. automation that a user is temporarily members of a AD group to approve pending approver

0 Kudos
1 ACCEPTED SOLUTION

elementx
NetApp
‎2022-09-28 03:35 AM
In response to a_lehn
18,130 Views

Do you need one of the two accounts to be ADS-based and the other local based, or both ADS-based?

If you want the both to be ADS-based, how do you plan to handle ADS outage or unplanned downtime?

View solution in original post

27 REPLIES 27

DaveNorrie
‎2024-04-24 03:08 AM
In response to TMADOCTHOMAS
12,542 Views

Adding my +1 too. This would be much easier to manage than individual AD users.

0 Kudos

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
yesterday
77 Views

For reference of anyone viewing this thread in the future - Active Directory group support for MAV approval groups was added in 9.15.1 - https://docs.netapp.com/us-en/ontap/multi-admin-verify/manage-groups-task.html#system-manager-procedure

a_lehn
yesterday
In response to AlexDawson
67 Views
"Isn't what we are experiencing in 9.17.1x also that if we use AD groups (admin role), you still cannot do approvals between users who are members of the same AD group?
If you assign the admin role to AD users domain\userid01 and domain\userid02 directly, it works across userid01 <-> userid02." and local Ontap users
 
 
0 Kudos

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
17 hours ago
In response to a_lehn
51 Views

Can I ask you to setup a labondemand with MAV following my guide and script at https://community.netapp.com/t5/ONTAP-Discussions/Quick-start-to-setting-up-Multi-admin-verify-MAV-on-labondemand-netapp-com/m-p/467864 and let me know how it goes? Thanks!

0 Kudos

Reinhard089
yesterday
In response to AlexDawson
65 Views

@AlexDawson Hi and thank you, but...

that doc article describes how to use ist with DOMAIN\USERS (and USERS only).

we have 9.16.1p12 installed and to create a MFA-group with a domain\GROUP is still not possible.

1Screenshot 2026-06-24 084952.png

"Error: command failed: Approval groups need valid users." (screenshot attached)
nice regards reinhard

0 Kudos

AlexDawson
A-Team Tech Advisor A-Team Tech Advisor
17 hours ago
In response to Reinhard089
51 Views

Hi! Can I ask you to setup a labondemand with MAV following my guide and script at https://community.netapp.com/t5/ONTAP-Discussions/Quick-start-to-setting-up-Multi-admin-verify-MAV-on-labondemand-netapp-com/m-p/467864 and let me know how it goes? This lets you test against a known good configuration and may help with troubleshooting further

Reinhard089
16 hours ago
In response to AlexDawson
45 Views

Hi Alex,

that script helped.

my error was, you need to create a new "security login create" for that specific group:

2Screenshot 2026-06-24 103424.png

it does not help that that group is part of the AD, it needs to be "inserted" into ontap.

nice regards and thank you

Reinhard

0 Kudos
Announcements
All Community Forums
Public