Enabling Active Directory account access

You can use the security login create command to enable Active Directory (AD) user or group accounts to access an admin or data SVM. Any user in the AD group can access the SVM with the role that is assigned to the group.

Before you begin

About this task

Note: AD group account access is supported only with the SSH and ontapi applications.

Step

  1. Enable AD user or group administrator accounts to access an SVM: security login create -vserver SVM_name -user-or-group-name user_or_group_name -application application -authmethod domain -role role -comment comment

    For complete command syntax, see the worksheet.

    Creating or modifying login accounts

    Example

    The following command enables the AD cluster administrator account DOMAIN1\guest1 with the predefined backup role to access the admin SVM engCluster.

    cluster1::>security login create -vserver engCluster -user-or-group-name DOMAIN1\guest1 -application ssh -authmethod domain -role backup

    The following command enables the SVM administrator accounts in the AD group account DOMAIN1\adgroup with the predefined vsadmin-volume role to access the SVM engData.

    cluster1::>security login create -vserver engData -user-or-group-name DOMAIN1\adgroup -application ssh -authmethod domain -role vsadmin-volume

After you finish

If you have not configured AD domain controller access to the cluster or SVM, you must do so before the account can access the SVM.

Configuring Active Directory domain controller access