AnsweredAssumed Answered

Problems with ArcGIS Server Security Config for Nested Groups in Windows Active Directory

Question asked by joel_hickok on Jul 9, 2015
Latest reply on Jul 28, 2015 by joel_hickok

We're trying to configure our ArcGIS Server 10.3.1 to use nested groups in our domain.  We have nested groups set up looking at domain B from domain A.  User from domain B cannot login, so we followed the Esri directions to set up nested groups in a Windows Active Directory identity store.  However, when submitting the JSON code block to update the configuration to use the ASP.NET provider we get an error message (see below).  We use the testIdentityStore endpoint to get the following error from our server at https://webadaptor.ourdomain.com/arcgis/admin/security/config/testIdentityStore .

 

Error Message:

{

  • status: "error",
  • messages: [],
    • "Instance of class 'AGSMembershipProvider.AGSADMembershipProvider' could not be created or class does not extend RoleProvider."
  • code: 500

}

 

I am inserting the following block, except replace by the admin login/pass.  We made sure ASP.NET 3.5 SP 1 was installed and re-ran the AGS installer to make sure the .NET module was installed.

 

{

     "type": "ASP_NET",

      "class": "AGSMembershipProvider.AGSADMembershipProvider",

      "properties": {

          "adminUserPassword": "[user password]",

           "adminUser": "[domain]\\[user name]"

      }

}

 

I followed the directions on this page exactly:

Using nested groups in a Windows Active Directory identity store—Documentation (10.3 and 10.3.1) | ArcGIS for Server

Outcomes