Learn how to review Active Directory configuration
- Last Updated: Feb 12, 2025
- PI System
- PI Server 2018
- PI Server
In most cases you can rely on existing Active Directory (AD) groups and you will not need to do any AD configuration. Work with your Windows domain administrator to review existing groups and make any necessary adjustments.
Note: Although the Data Archive server can use AD for authentication, it does not use Windows access permissions to determine Data Archive access levels. You still have to set access permissions explicitly on the Data Archive server.
Follow these guidelines:
- Make sure you have appropriate AD groups for each type of Data Archive user. For each PI identity, you should ideally have a single corresponding AD group. Users who belong to more than one AD group get the cumulative access permissions for all the associated PI identities.
- Review your AD group memberships to ensure that all Windows users will get the appropriate Data Archive permissions (see Understand how Data Archive access permissions work).
- Establish a naming convention for PI identities and/or AD groups so that it is clear which group is mapped to which identity. Over time, you will be able to control user access to the Data Archive server simply by editing group memberships in AD or Windows.
Once you have a workable set of AD groups, you are ready to map AD groups to PI identities.
Note: If your current AD groups do not suffice and you cannot get your AD domain administrator's support, use a simple workaround: Create local Windows groups on your Data Archive server and then place existing AD groups within the local groups.
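One way to run the review described in the guidelines above, as an added example that is not part of the original documentation: it resolves nested groups (as in the local-group workaround), computes the PI identities each user accumulates, and reports identities mapped from more than one group. All group, user and identity names are hypothetical, and the membership data is constructed; in practice it would come from an export of your AD group memberships.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names). Mapping under review: AD group -> PI identity.
MAPPINGS = {
    "PI-Operators": "PIOperators",
    "PI-Engineers": "PIEngineers",
    "Plant-Engineering": "PIEngineers",  # second group mapped to the same identity
    "PI-Admins": "PIAdmins",
}
# Direct members of each group; a member that is itself a key is a nested group.
MEMBERS = {
    "PI-Operators": ["alice", "bob"],
    "PI-Engineers": ["carol", "Contractors"],
    "Plant-Engineering": ["dave"],
    "PI-Admins": ["carol"],
    "Contractors": ["bob", "erin"],
}

def expand(group, members, seen=None):
    """All users in a group, following nested groups and ignoring cycles."""
    seen = set() if seen is None else seen
    if group in seen:
        return set()
    seen.add(group)
    users = set()
    for m in members.get(group, []):
        users |= expand(m, members, seen) if m in members else {m}
    return users

def effective_identities(mappings, members):
    """User -> set of PI identities obtained through every mapped group."""
    result = defaultdict(set)
    for group, identity in mappings.items():
        for user in expand(group, members):
            result[user].add(identity)
    return dict(result)

def audit(mappings, members):
    """Return (users holding several identities, identities mapped from several groups)."""
    eff = effective_identities(mappings, members)
    multi_users = {u: sorted(i) for u, i in eff.items() if len(i) > 1}
    by_identity = defaultdict(list)
    for group, identity in mappings.items():
        by_identity[identity].append(group)
    multi_groups = {i: sorted(g) for i, g in by_identity.items() if len(g) > 1}
    return multi_users, multi_groups

if __name__ == "__main__":
    print(*audit(MAPPINGS, MEMBERS), sep="\n")
```

Users in the first result receive cumulative permissions and should be checked against what they actually need; identities in the second result depart from the one-group-per-identity guideline.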