ArcGIS for Server 10.1 AD Security

Discussion created by jvseagle-co-nz-esridist Employee on Jul 2, 2013
Latest reply on Jul 10, 2013 by Justin_Rodriguez-esristaff

I have ArcGIS for Server 10.1 SP1 installed and have configured it to use Windows Authentication (Web Tier).
To do so I have to provide an account that belongs to the domain which is fine.

However, after log out and log in again I have noticed that AGS for Server is not actually getting the roles and users from AD using the account I just used to log in into Manager. It is using the original user I have used to get information about the AD store.

It has happen that this account expires and I have noticed that from then on the entire AGS server software stops recognizing any user at all to the exception of the primary site administrator which is a local user account.

Note that sometimes, AGS for Server is installed by teams that I have no control using normally a power user with more privileges than what is required for AGS for Server.

When I log in into AGS for Server it should use my account to get information from AD and not the original account ... which I thought it was only used to get the inital information to be used for configuring the 3 roles (admin, publishing and viewer).