Some interesting facts about Active Directory:
I have configured AD with the principal puneeth1, and I am displaying all the users and groups of the default container “Users”.
Note: The principal can be any user present in Active Directory.
The user does not have to be an admin of AD.
The above configuration is perfectly fine, and hence the users are displayed as seen below:
In the above list of users we don’t see the principal, puneeth1!
The main reason is that only the users present in the default container, i.e. “Users”, are displayed here.
The problem is that when we try to log in to the console using this user (i.e. puneeth1), the authentication will fail. (It will fail even if you have set the role of this user to Admin in the “Global Roles” tab.)
So we can conclude that only the users that are displayed in the “Users and Groups” tab can log in to the console. (And yes, we must also give the user a global role before that.)
Since our principal user is not displayed under the “Users and Groups” tab, we will not be able to log in with puneeth1.
The next question is: how will we know which container or organizational unit the user puneeth1 belongs to? And how do we display all the users present in AD (in all the containers and OUs)?
The only change we need to make is in the “User Base DN” tab.
Just specify the dc (i.e. dc=xxx,dc=xxx,dc=com) and all the users from all the containers and OUs will be displayed in the “Users and Groups” tab.
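The effect of the User Base DN on which accounts appear, as an added example that is not part of the original post. It assumes the provider searches the whole subtree under the base DN; the domain components, the OU names and every account except puneeth1 are constructed, and the OU that holds puneeth1 is an assumption.

```python
# Added illustration: LDAP subtree scope as applied to a "User Base DN".
# All DNs are constructed sample data; puneeth1's OU is an assumption.
DIRECTORY = {
    "Administrator": "CN=Administrator,CN=Users,DC=corp,DC=example,DC=com",
    "alice": "CN=alice,CN=Users,DC=corp,DC=example,DC=com",
    "puneeth1": "CN=puneeth1,OU=Service Accounts,DC=corp,DC=example,DC=com",
    "Smith, Jo": "CN=Smith\\, Jo,OU=Staff,DC=corp,DC=example,DC=com",
}

def split_dn(dn):
    """Split a DN into normalized RDNs, honoring backslash-escaped commas."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current)
            current = ""
        else:
            current += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(current)
    normalized = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        # AD compares attribute types and name values case-insensitively.
        normalized.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return normalized

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base itself or lies anywhere beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def visible_users(directory, base_dn):
    """Names a subtree search rooted at base_dn would list."""
    return sorted(n for n, dn in directory.items() if in_subtree(dn, base_dn))

def container_of(entry_dn):
    """Parent container or OU of an entry, in normalized form."""
    return ",".join(split_dn(entry_dn)[1:])

if __name__ == "__main__":
    for base in ("CN=Users,DC=corp,DC=example,DC=com", "DC=corp,DC=example,DC=com"):
        print(base, "->", visible_users(DIRECTORY, base))
    print("puneeth1 lives in:", container_of(DIRECTORY["puneeth1"]))
```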
Now let’s configure an AD user to log in to the console by giving him the Global Role of “Admin”.
Things to keep in mind here are:
– The AD user that you wish to configure must be visible in the “Users and Groups” tab.
– Once the user is visible, assign him a Global Role (“Roles and Policies” tab -> expand “Global Roles” -> “Roles” -> click on “View Role Conditions” next to the “Admin” role. After you click on “View Role Conditions” -> click on “Add Conditions” -> select “User” under the “Predicate List” -> Next -> type in the AD user, e.g. puneeth3, in “User Argument Name” and click on Add -> Finish.)
– The AD user that you configure may or may not be a member of “Administrator” in AD. This doesn’t make any difference.
Your AD user can now log in to the console successfully! 🙂