
Utilizing AD for User/Group Information

Jon Glennie
Level 1

Hello All-

I am trying to set up UCSD with multiple vDCs for various organizations in our environment. Certain organizations should have their own administrators, and some administrators in one organization may be administrators in other organizations as well. I already have groups in AD that reflect these user rights, and I have UCSD set up to sync to my LDAP/AD server. My question, though, is what's the easiest way to pull this all into UCSD? I have created the vDCs with the corresponding admin groups as the owners, i.e. Org1 with Org1-admins as the group owner, org2/org2-admins, etc.; however, if I log in with a user that's a member of both groups in AD, I don't have access to both resources. I see that I can add multiple user access profiles to a given user account, but it seems as though UCSD should be able to pull this information in the list of groups that the user is a member of from AD. Am I missing something, or is the only way to accomplish what I am trying to do through multi-role access profiles? Thanks.

-Jon

1 Reply

Jon Glennie
Level 1

I have spent a lot more time playing with this and I'm still not much further than I was. UCSD seems to have no concept of User/Group membership from AD; it only knows about the actual names of the groups. I'm really hoping I am wrong on this point because if I'm right, then integrating AD groups into UCSD really serves no purpose other than to save you the hassle of creating a bunch of groups, which really isn't saying much.

I've attempted to progress with the multiple user access profiles route, but I am hitting some stumbling points there as well.  If I understand this correctly, the primary group that the user is assigned to in UCSD must also be assigned a group share policy which includes the additional groups that you would like the user to be able to manage.  Only then will the additional groups be visible in the user profile management section or the user.  However, just by doing so, a user will by default see all of the groups listed in the group share when their primary group is changed, until you go in and uncheck the box that says "show resources from all groups that the user has access" in the default access profile entry.  Once you do that though, you need to add individual entries for each group you want them to have access to, and then the user will be responsible for switching between profiles in the UI.

Can anyone confirm that this is indeed the way UCSD works, and that there is no better way to accomplish what I am trying to do?  Again, I really hope I am wrong and there is...
