Enable Active Directory account access
You can use the security login create command to enable Active Directory (AD) user or group accounts to access an admin or data SVM. Any user in the AD group can access the SVM with the role that is assigned to the group.
The cluster time must be synchronized to within five minutes of the time on the AD domain controller.
You must be a cluster administrator to perform this task.
You must configure AD domain controller access to the cluster or SVM before the account can access the SVM.
You can perform this task before or after you enable account access.
If you are unsure of the access control role that you want to assign to the login account, you can use the security login modify command to add the role later.
AD group account access is supported only with the
Enable AD user or group administrator accounts to access an SVM:
security login create -vserver SVM_name -user-or-group-name user_or_group_name -application application -authmethod domain -role role -comment comment
For complete command syntax, see the worksheet.
The following command enables the AD cluster administrator account DOMAIN1\guest1 with the predefined backup role to access the admin SVM:
cluster1::>security login create -vserver engCluster -user-or-group-name DOMAIN1\guest1 -application ssh -authmethod domain -role backup
The following command enables the SVM administrator accounts in the AD group account DOMAIN1\adgroup with the predefined vsadmin-volume role to access the SVM:
cluster1::>security login create -vserver engData -user-or-group-name DOMAIN1\adgroup -application ssh -authmethod domain -role vsadmin-volume
If you have not configured AD domain controller access to the cluster or SVM, you must do so before the account can access the SVM.