Specify Active Directory users and groups

Save PDF

Feedback

HomeAVEVA™ PI Server Installation and Configuration (PI Server 2024)...Learn about Data Archive securityLearn about configuring security on a new Data Archive installationUnderstand how to configure security for Data ArchiveLearn how to configure authentication for Data ArchiveMap AD groups to PI identitiesSpecify Active Directory users and groups

TABLE OF CONTENTS

Specify Active Directory users and groups

Save PDF

Feedback

Last UpdatedFeb 12, 2025

To explicitly specify an Active Directory (AD) principal, you can use any of the following:

Fully-qualified account name: domain_name\principal_name
Fully-qualified DNS name: my_domain.com\principal_name
User Principal Name (UPN): principal_name@my_domain.com
SID: S-1-5-21-nnnnnnnnnn-…-nnnn

Note: For local Windows users or groups, you can use only the fully-qualified account name (computer_name\principal_name) or SID formats.

To find the security identifier (SID) or to check the validity of a domain principal, you can use the psgetsid utility. This utility is part of a set of command-line tools called PsTools, that are available on the Microsoft TechNet Web site. If you run the utility from the Data Archive server, the SID that psgetsid returns is guaranteed to be valid for the mapping.

For example, after installing psgetsid, you could type the following from a command window on the Data Archive server:

psgetsid.exe domain\somegroup

The psgetsid utility returns something like the following:

PsGetSid v1.43 - Translates SIDs to names and vice versa
Copyright (C) 1999-2006 Mark Russinovich
Sysinternals - www.sysinternals.com
SID for domain\somegroup:
S-1-5-21-1234567890-1234567890-1234567890-4321

AVEVA™ PI Server Installation and Configuration (PI Server 2024)

Filters

Product Family