Table of ContentsView in Frames

Providing access to Active Directory users or groups

You can provide access to Active Directory (AD) user or group accounts for SVM administrators to access the SVMs with the Windows Active Directory authentication method.

Before you begin

About this task

The AD group provides centralized privilege level control for user accounts and supports only SSH and Data ONTAP API access methods. Any user belonging to the AD group can access the SVM with a role assigned to the group.

Step

  1. Use the security login create command to grant access to AD users or groups:
    • AD user accounts

      The following command creates an account with the user name guest in DOMAIN1, the application ssh, the authentication method domain, and the access-control role vsadmin for the SVM vs0:

      cluster1::> security login create -user-or-group-name DOMAIN1\guest -application ssh -authmethod domain -role vsadmin -vserver vs0.example.com
    • AD group accounts

      The following command creates an account with the AD group name adgroup in DOMAIN1, the application ssh, the authentication method domain, and the access-control role vsadmin for the SVM vs1:

       cluster1::> security login create -user-or-group-name DOMAIN1\adgroup -application ssh -authmethod domain -role vsadmin -vserver vs1.example.com