Community

Active Directory Roles - Administrators

6762
24
07-10-2012 10:34 AM
BrianLeroux
by
Occasional Contributor III
‎07-10-2012 10:34 AM
I am trying to set up my initial roles in 10.1 using an Active Directory role store. I logged in as the PSA and serched for a AD group that I am in and gave it Administrative rights. I log out of manager and try to log in with my domain account and get "You must enter an account that is a member of either the Administrator or Publisher roles for this site." I tried using domain\UserName with the same result. I also tried giving this role access to the entire site. Any Ideas why I can't log into manager using an AD Role?

Additional info:
ArcGIS Server 10.1, IIS 7, & Web Adaptor all installed on same server. I have the default services running and can set security on the services using Active Directory Roles.
0 Kudos
24 Replies
PF1
by
Occasional Contributor II
‎03-11-2013 07:53 AM
Hi Pat,

We have been using Windows Domain all along.. We did try switching to Build in which worked relatively faster, but we cannot use that security model on our Production Domain.

-Muneer


One solution you may consider - set the following configuration settings:

  • User Store: Windows Domain

  • Role Store: ArcGIS Built-in


then write some code to synchronize some AD groups to your ArcGIS built-in role store.  Therefore you would still obtain single signon and single user store (since they are in AD/Windows Domain). 

We have that setting and performance went from horrible to adequate.  Users do not need to maintain a separate user account since the user store is tied to Active Directory.  There is a little more overhead on our IT operations staff to maintain the role store in the ArcGIS Server (Built-in) but that extra maintenance is well worth the IT operations time since it saves so much performance gains on the ArcGIS server solution. 

This is speaking from a government agency where security is always at the forefront... 

HTH!
0 Kudos
CharlesRioux-Boucher1
by
New Contributor
‎09-12-2018 11:50 AM

Hi Patrick, 

Our enterprise might have to follow these configuration settings due to performance issues :

  • User Store: Windows Domain
  • Role Store: ArcGIS Built-in

I'm taking a chance and asking you, five years later, if you still have the code your are using to synchronize AD groups to the ArcGIS built-in role store?

Thanks!

0 Kudos
rodickwillision
by
New Contributor
‎07-11-2013 02:22 AM
Hello,

Active Directory management services. This Software Quickly and very fast recovering the deleted Active Directory objects.
Active Directory tools have many features i explain some features :
1) User Management
ii) Active Directory query
iii) Exchange Administration
More details kindly read this blog : http://activedirectorymanagementsoftware.wordpress.com/2013/06/28/active-directory-management-to-han...
0 Kudos
BubbaHey
by
Occasional Contributor III
‎07-12-2013 05:58 AM
I  like Patrick's idea. Try it
0 Kudos
rodickwillision
by
New Contributor
‎07-15-2013 04:36 AM
Ok well

Thanks dear you can try it and more benefits.
0 Kudos