Client Automation - Permissions set for users in Active Directory Groups are not seen

Article ID: 144855

Products

CA Client Automation - Asset Management, CA Client Automation - IT Client Manager, CA Client Automation, CA Client Automation - Software Delivery, CA Client Automation - Remote Control

Issue/Introduction

Active Directory groups are added as security profiles with a set of class permissions, but a user belonging to such an AD group does not receive those class permissions.

For example, when trying to open the DSM GUI, the login dialog box appears even though we are logged in as a user belonging to an AD group which has full rights in ITCM.


The same problem occurs with RC permissions.
The user has no permission to take control of machines even though he belongs to an AD group with RC permissions.

Cause

This problem occurs if there are 2 or more AD Domains and the AD groups are Domain Local groups.
The scope of a Domain Local group is limited to the AD Domain where it was created, so the group is not seen outside that AD Domain.

Environment

All Client Automation versions

Resolution

In Active Directory, change the "Group Scope" of the group from "Domain Local" to "Global".

After this change, the group will be seen outside its AD Domain.
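
The same scope change can be scripted with the ActiveDirectory PowerShell module; the following is an added example, not part of the original article. Active Directory does not convert a Domain Local group to Global in one step, so the script passes through Universal first and pins every call to one domain controller so the second step does not read a stale scope. The group name `ITCM-Admins` is a placeholder for the group used as a security profile.

```powershell
# Added example: change an AD group's scope from Domain Local to Global.
# Requires the ActiveDirectory module (RSAT) and rights to modify the group.
Import-Module ActiveDirectory

$GroupName = 'ITCM-Admins'            # placeholder, replace with the real group name
$Server    = (Get-ADDomain).PDCEmulator   # use one DC for every read and write

$group = Get-ADGroup -Identity $GroupName -Server $Server
Write-Output ("{0}: scope before change = {1}" -f $group.Name, $group.GroupScope)

try {
    if ($group.GroupScope -eq 'DomainLocal') {
        # Direct DomainLocal -> Global is rejected by AD; convert to Universal first.
        Set-ADGroup -Identity $group -GroupScope Universal -Server $Server -ErrorAction Stop
        $group = Get-ADGroup -Identity $GroupName -Server $Server
    }
    if ($group.GroupScope -eq 'Universal') {
        # Fails if the group has members that a Global group cannot hold
        # (for example accounts from another domain); the error is reported below.
        Set-ADGroup -Identity $group -GroupScope Global -Server $Server -ErrorAction Stop
    }
}
catch {
    Write-Warning ("Scope change stopped: {0}" -f $_.Exception.Message)
}

# Read the group back to confirm the resulting scope.
$after = Get-ADGroup -Identity $GroupName -Server $Server
Write-Output ("{0}: scope after change = {1}" -f $after.Name, $after.GroupScope)
```

If the script stops with a warning, the group is left at whatever scope the last successful step set, which the final line reports.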
