Hi Experts,
Here's the scenario.
A user is using Active Directory to manage a number of AD sites, servers and storage clusters.
The newest of these are two freshly deployed Hyperflex Clusters running Hyper-V
Now the friendly manual tells me:
The user types allowed to perform actions on or view content in the HX Data Platform, include:
admināA predefined user included with Cisco HX Data Platform. The password is set during HX Cluster creation. Same password is applied to root. This user has read and modify permissions.
rootāA predefined user included with Cisco HX Data Platform. The password is set during HX Cluster creation. Same password is applied to admin. This user has read and modify permissions.
HX service account userāA created Cisco HX Data Platform user. This user has read and modify permissions. The password is set during user creation.
read-onlyāOther domain admins are read only users. This user only has read permissions. The password is set during user creation.
Let me emphasise that two users, admin and root are set up during the cluster creation - this is part of the install process.
But the account I'm interested in is the HX service account user - which has its password set during user creation
So here I sit at an Active Directory console trying to create a HX service account user and I have NO idea how to do this.
And what really perplexes me, is that I can log into HX-Connect as the Active Directory Administrator, and I have read-only access in HX-Connect.
That's weird
Especially when the documentation also states in relation to creating RBAC users for the Cisco HX Data Platform:
Two roles are supported. Privileges associated with these roles cannot be modified.
AdministratorāThe role allows users to modify the HX Storage Cluster. Most tasks that can be performed on a HX Storage Cluster require administrator privileges. Administrative users create other users and assign them roles.
So let's be clear: The Administrator role allows users to modify the HX Storage Cluster.
Yet while logged in as THE AD administrator, I dont' have privileges to modify the HX Storage Cluster.
I just don't understand
But at the end of the day, I don't want to log in as administrator anyway, I want to log in as myself, but give myself the privileges of the HX Service Account.
In spite of the obvious futility, I've also tried doing the following (taken directly from that lovely Cisco HyperFlex Data Platform Administration Guide for Hyper-V, Release 4.0 document mentioned before)
Before you begin
Create the user. [Yep - I did that, the user is called rednectar]
Procedure
Step 1 Open Active Directory Users and Computers tool.
Step 2 Add user to Administrators group under the Builtin OU for Administrator privilege.
Step 3 Double click on Administrators group to add administrator privilege user or Remote Desktop Users group to add read only users.
Step 4 Navigate to the Members tab
Step 5 Click Add button
Step 6 Type the user in the search field and click Check Names button.
Step 7 Then click OK to close out of each dialog box.
Did that...
Here's the result:
Sure enough, I can log in, but have read only access.
So, my learned friends
How do I create a HX Service Account User after the install?
[Note: Screenshots are taken from my lab, not the customer mentioned above, but the story is the same]
