Add an Active Directory Group
Active Directory group members can log in to the management console and perform tasks based on the permissions assigned to the group. The group can authenticate against either a domain or domain controller.
Active Directory users must log in to the management console at least once to receive email notifications.
- Select Configuration.
- Under Role Based Access, select User Management.
- Under Groups, click Create New Group.
- Select Add an Active Directory Group.
- Select a credential, or click Manage Credentials to add or edit a credential.
For more information on creating and editing directory credentials, please see Create and Edit Directory Credentials.
- If not automatically populated, enter the name of a domain or domain controller.
- After you enter the domain or domain controller credential information, click Search Active Directory. A list of security groups in the selected domain is displayed.
The default filter is an asterisk (*), which is a wild card filter that returns all groups. For performance reasons, a maximum of 250 groups from Active Directory is retrieved.
- Set a filter on the groups to refine the list, and then click Search Active Directory. Example filters:
- a* returns all group names that start with a.
- *d returns all group names that end with d.
- *sql* returns all groups that contain sql in the name.
- Select a group, and then click Add Group.
- The group is added and set to Active but not provisioned or synchronized with Active Directory. Synchronization with Active Directory to retrieve users begins immediately.
- Once the group has been synced with Active Directory, you can view the users assigned to the group, as well as unassigned users, by selecting Users from the Group Details section and then using the filters.
By default, new groups are not assigned any permissions. You must assign permissions on features and smart groups after creating a new group. For more information on permissions and how to assign them, please see Assign Group Permissions.
Domain changes can be propagated to all users in a group. By default, this is set to OFF. When enabled, changes to the preferred domain controller at the group level are applied to all group members.
When creating a new group, it is advisable to turn this setting on by editing the new group details. This ensures that all users in the new group get a Preferred Domain Controller from the initial setup of the group.