Showing results for 
Search instead for 
Did you mean: 


TCS - Add users group syntax


We have a sticky with connecting our TCS server to our entreprise AD. we try to open acces to our TCS server to all employes of the enterprise in viewer role.

We have sucessfully entered our LDAP setting in Configuration > Sites setting > Authentification > LDAP server with a Base DN and a User DN that works and lookup to the entire AD content of our enterprise. If we move to the groups and users page, Add groups and users, and add a single user in the add user in Viewer role box, it works and confirm that the users has been added. But when we are trying to add a group instead in the box Add groups, viewer role we are receiving this error message: The group "name_we_use" cannot be found on the domain.

the page as the following indication in top of the Add group page " Add groups in the format group,name". We have tried all sort of format such as "test1" and "test.1" that we created in AD for testing purpose, also the format <enterprise_short_name>\test1, even, without success. we have run traces of the failed attemps and we could see that the query reach our AD but it is looking for the "Display Name" attribute, so we have turn on that attribute on some users and we where not more sucessfull. It seem that it cannot found or see any users in the groups.

Is there a special syntax or way to enter the group name to have it work?

I appreciate any help or suggestion on that matter. Thanks to all in advance.


Magnus Ohm
Cisco Employee

Hi Pierre

The syntax should be straight forward..

My TCS is added to the same domain as the AD so I use Domain as Authentication method.

However what is important when you are adding a group is that the group must be located within whatever you set as Base DN.

So now my base dn was on top level and I can add which ever group I want, if I set my base dn to a specific OU I can only add groups within that OU.

I don't know if this is what you are hitting or if you are using DOMAIN as authentication method or LDAP (which should be used if your TCS is not in the same domain as the AD, but the principle is the same. If I take my other TCS out of the domain and change the authentication to LDAP it will be the same behavior.

Hope this helps.


Magnus Ohm
Cisco Employee

You should also be able to  log in with your users in your AD and they will be created automatically in the TCS database as viewers. They can then be modified later if they need admin rights.

Or you can add a group of course which gives them a higher role, like creator or site admin.


Recognize Your Peers
Content for Community-Ad