That's the tricky bit:
As you don't have CIFS, and enabling it might not be straightforward (the main considerations are whether your network connectivity is ready, and the extra use of CPU resources), I would have just used the LDAP functionality and not the AD CIFS integration:
https://library.netapp.com/ecmdocs/ECMLP2348035/html/GUID-725D9074-9A70-437C-A348-7281DF12E5AD.html for cDOT
https://library.netapp.com/ecmdocs/ECMP1155684/html/GUID-8BE8ADEB-466A-4838-A27D-BB213661BF59.html for 7-mode
---------------------
If you had CIFS configured, you would only have needed to run the following on the cDOT:
security login domain-tunnel create -vserver <your CIFS SVM>
and start using it with:
security login create -user-or-group-name domain\group -application ontapi -authmethod domain -role admin
security login create -user-or-group-name domain\group -application http -authmethod domain -role admin
and the following on the 7-mode:
useradmin domainuser add domain\group -g administrators
If you think it's straightforward for you to create a CIFS SVM and add the 7-mode to a domain, do it and complete the above. It will also be more secure than LDAP (as it will use Kerberos or NTLM, and not send the password over as LDAP does).