The most common way to add groups in AMC is to browse an external directory and add matching groups.
In the AMC, navigate to Security Administration > Users & Groups.
Select the Mapped Accounts tab.
Click the + (New) icon.
Select Directory search from the dropdown menu.
Select the realm you want to search (only realms that use an Active Directory, Active Directory Tree, or
LDAP authentication server are available).
If you select a realm that uses an authentication server on which group checking is disabled, the Search field is not clickable and the message
Group checking has been disabled for this
realm is displayed. See Disabling Authorization Checks for more information.
- If the realm you selected uses an Active Directory Tree authentication server, select the domain you want
Define your search criteria:
In the Search directory field, type all or part of a user or group name. The default is
*, which returns all records in the realm. You can use the wild card character (
*) anywhere in the search string. For example, to find group names beginning with the letter
j, you would type
j*. Or, to find users named
Marty (but not Max), you could type
To narrow your search, type the name and select Groups only or Users only from the drop-down menu. For example, you might type
sn to look for a user’s surname or
cn to find a common name.
To specify more detailed search criteria, click the Advanced tab; see Advanced Search Methods for details.
Click Search, which displays all matches in the second column.
Locate the objects you want to add:
Use the arrow buttons (< and >) in the lower left pane to page through the results. Use << and >> to display the first and last pages.
To view detailed information about a user or group, click its name. A detailed list of attributes appears in the right-hand pane. If a group is nested, click the sub-group to see its details:
The number of nested levels that it is possible to display is configured when you set up an
authentication server; see Configuring LDAP with Username and Password and Configuring Active Directory with Username and Password for more information.
Select the checkbox to the left of any users or groups you want to add to the appliance.
To add selections to the appliance, click the Add Selected button.
The items are added to the list on the
appropriate page (Groups or Users) in alphabetical order.
When you’re finished, click the Close button in the upper right to close the Search Directory page.
By default, the basic search is configured to locate users and groups by querying the sAMAccountName, cn, uid, and userid attributes.
Most chained authentication deployments involve an LDAP or AD server paired with another
authentication server (like RADIUS). In the unlikely event that you are using chained authentication with
a combination of LDAP and AD servers, keep the following in mind:
If you are searching for users, only search results from the first LDAP or AD authentication server in the chain are displayed. The policy server, however, returns results from both servers in the chain.
The same is true when searching for groups (except if an affinity server is configured for the realm: it will be searched instead of the authentication servers).
For example, if you have a group called Accounting on both LDAP or AD servers in your chained
authentication, any access control rules you create that are restricted to the Accounting group applies to
group members on both servers, even though the Search Directory page shows results from just the first
server in the chain.