Enable Active Directory account access

You can use the security login create command to enable Active Directory (AD) user or group accounts to access an admin or data SVM. Any user in the AD group can access the SVM with the role that is assigned to the group.

What you’ll need
  • The cluster time must be synchronized to within five minutes of the time on the AD domain controller.

  • You must be a cluster administrator to perform this task.

About this task
Note

AD group account access is supported only with the SSH and ontapi applications.

Step
  1. Enable AD user or group administrator accounts to access an SVM:

    security login create -vserver SVM_name -user-or-group-name user_or_group_name -application application -authmethod domain -role role -comment comment

    For complete command syntax, see the worksheet.

    The following command enables the AD cluster administrator account DOMAIN1\guest1 with the predefined backup role to access the admin SVM engCluster.

    cluster1::>security login create -vserver engCluster -user-or-group-name DOMAIN1\guest1 -application ssh -authmethod domain -role backup

    The following command enables the SVM administrator accounts in the AD group account DOMAIN1\adgroup with the predefined vsadmin-volume role to access the SVM engData.

    cluster1::>security login create -vserver engData -user-or-group-name DOMAIN1\adgroup -application ssh -authmethod domain -role vsadmin-volume

After you finish

If you have not configured AD domain controller access to the cluster or SVM, you must do so before the account can access the SVM.
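
The prerequisites and the note above can be checked before a proposed command is run. The following is an added example, not NetApp code: a small Python pre-flight check that parses a `security login create` line and flags an AD group paired with an application other than ssh or ontapi, a missing flag, or a clock offset over five minutes. The group inventory, the clock readings and the `http` variant of the page's command are constructed sample inputs.

```python
import shlex
from datetime import datetime, timedelta

GROUP_APPS = {"ssh", "ontapi"}    # page: AD group access only with these applications
MAX_SKEW = timedelta(minutes=5)   # page: cluster time within five minutes of the DC
REQUIRED = ("vserver", "user-or-group-name", "application", "authmethod", "role")

def parse_login_create(line):
    """Turn one 'security login create' line into a {flag: value} dict."""
    cmd = line.split("::>", 1)[-1].strip()      # drop an optional CLI prompt
    tokens = shlex.split(cmd, posix=False)      # non-POSIX mode keeps DOMAIN\name intact
    if tokens[:3] != ["security", "login", "create"]:
        raise ValueError("not a 'security login create' command")
    args = tokens[3:]
    if len(args) % 2 or not all(a.startswith("-") for a in args[::2]):
        raise ValueError("expected -flag value pairs")
    return {args[i][1:]: args[i + 1] for i in range(0, len(args), 2)}

def lint(line, ad_groups, cluster_time, dc_time):
    """Return findings for a proposed command; an empty list means no issue found."""
    opts = parse_login_create(line)
    findings = [f"missing -{f}" for f in REQUIRED if f not in opts]
    if opts.get("authmethod", "domain") != "domain":
        findings.append("AD accounts use -authmethod domain")
    name = opts.get("user-or-group-name", "")
    app = opts.get("application")
    # Whether a name is a group is not visible in the command; the caller supplies it.
    if name.lower() in ad_groups and app is not None and app not in GROUP_APPS:
        findings.append(f"AD group {name} with -application {app}: "
                        "only ssh and ontapi are supported")
    if abs(cluster_time - dc_time) > MAX_SKEW:
        findings.append("cluster clock is more than five minutes from the domain controller")
    return findings

# Constructed inputs: hypothetical group inventory and clock readings.
AD_GROUPS = {"domain1\\adgroup"}
NOW = datetime(2024, 1, 1, 12, 0, 0)
PAGE_GROUP_CMD = ("cluster1::>security login create -vserver engData "
                  "-user-or-group-name DOMAIN1\\adgroup -application ssh "
                  "-authmethod domain -role vsadmin-volume")
BAD_CMD = PAGE_GROUP_CMD.replace("-application ssh", "-application http")

if __name__ == "__main__":
    for cmd, dc in ((PAGE_GROUP_CMD, NOW), (BAD_CMD, NOW + timedelta(minutes=7))):
        print(lint(cmd, AD_GROUPS, NOW, dc) or "ok")
```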