Map AD groups to PI identities

Once you have the necessary PI identities and AD groups, you need to create a mapping between each AD group and a PI identity. The mapping associates the specified AD group with the specified PI identity. The Data Archive server will automatically authenticate members of that AD group as the specified PI identity.

1. Open PI SMT.

2. Under Collectives and Servers, select the server. Note that if you have a collective deployment, this PI SMT panel will appear as Collectives and Servers.

3. Under System Management Tools, select Security > Identities, Users, & Groups.

4. Select the PI Identities tab.

5. Select the identity that you want to map.

6. In the toolbar, click the Properties button .

   The Properties dialog box opens.

7. In the Properties dialog box, click the Mappings and Trusts tab.

   The top portion of the dialog box shows all existing mappings for this PI identity. The bottom portion shows all existing PI trusts for this PI identity.

8. Click the Add button under the mappings portion of the dialog box.

   There is also an Add button under the trusts portion, so be sure to click the right button.

   Note: The Add button is disabled if the selected PI identity is flagged as disabled or not usable in a mapping.

   The Add New Mapping dialog box opens.

9. Enter the Windows account.

   This can be an AD principal or a local Windows group or user. To select the account either:

   • Click the browse button to browse for the account.

   • Type in the account name. If you choose to type in the account name, click the resolve SID button to verify that this is a valid account. If the account is valid, an SID appears in the field. Otherwise, a dialog box with an error message opens.

   See Specify Active Directory users and groups for more information.