RTC + Active Directory with Global Catalog


Bruno Braga (48013621) | asked May 30 '10, 11:05 p.m.
Hi guys,

We've already set up some RTC servers with AD (Active Directory) before, but now we are having problems with the AD Global Catalog.

Active Directory Global Catalog reference:
http://technet.microsoft.com/en-us/library/cc728188%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/how-global-catalog-servers-work%28WS.10%29.aspx

http://www.brunobraga.com.br/img/jazz/ad_global_catalog.png

Config Details:
- We are connecting RTC in domain A, which has domains B, C and D under it.
- The users and groups are in domains B, C and D, ok?
- The RTC configuration including the setup / test was done without problems.

So, we can add Active Directory users, like this:
http://www.brunobraga.com.br/img/jazz/rtc_user_groups.png

But RTC failed to read groups / permissions, and when he tries to log in:
http://www.brunobraga.com.br/img/jazz/rtc_user_login.png

He has to be an admin.

Ok, you could tell me that this is a problem of "web.xml". This is usually caused by lack of mapping of the groups (AD x Jazz) in web.xml or teamserver.properties.
But apparently the settings are ok and if you want I can send these files by email for review.

I believe the problem comes when RTC tries to read the groups from the Global Catalog. Is there some consideration about that?

Do we have some debug / log for this?

One answer



Bruno Braga (48013621) | answered May 31 '10, 5:46 p.m.
We changed the Group Scope from Global to Universal and that fixed the problem.

Group Scopes: http://technet.microsoft.com/en-us/library/cc755692%28WS.10%29.aspx

So, to use AD with Global Catalog (multi-domain), groups with Universal scope are necessary.
Can this solution / requirement be documented?

Comments
Robert Carter commented Feb 06 '15, 8:12 a.m.

Based on the documentation from Microsoft, it would appear that in a scenario with two domains you would need to create 12 AD groups (JazzUsers, JazzProjectAdmins, JazzDWAdmins, JazzAdmins)?


Universal Groups - JazzUsers,JazzProjectAdmins,JazzDWAdmins,JazzAdmins
Then DomainA Groups - JazzUsers,JazzProjectAdmins,JazzDWAdmins,JazzAdmins
Then DomainB Groups - JazzUsers,JazzProjectAdmins,JazzDWAdmins,JazzAdmins

Then assign the group membership like:
- Universal\JazzUsers
---- DomainA\JazzUsers
---- DomainB\JazzUsers

- Universal\JazzAdmins
---- DomainA\JazzAdmins
---- DomainB\JazzAdmins

etc.. ?
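
An added example, not part of the original thread: one way to check the requirement reported in the answer is to decode each Jazz group's `groupType` attribute from an LDIF export and list the groups that are not Universal. The sample export, its domain names and OU are constructed for illustration; the four group names are the ones listed in the comment above.

```python
# Added example: audit Jazz role groups for Universal scope.
# SAMPLE_LDIF is constructed data; domain and OU names are hypothetical.

JAZZ_GROUPS = {"JazzUsers", "JazzProjectAdmins", "JazzDWAdmins", "JazzAdmins"}

# Scope bits of the Active Directory groupType attribute
SCOPES = {0x2: "Global", 0x4: "DomainLocal", 0x8: "Universal"}

SAMPLE_LDIF = """\
dn: CN=JazzUsers,OU=Groups,DC=b,DC=example,DC=com
cn: JazzUsers
groupType: -2147483646

dn: CN=JazzAdmins,OU=Groups,DC=b,DC=example,DC=com
cn: JazzAdmins
groupType: -2147483640

dn: CN=JazzProjectAdmins,OU=Groups,DC=c,DC=example,DC=com
cn: JazzProjectAdmins
groupType: -2147483644

dn: CN=Printers,OU=Groups,DC=c,DC=example,DC=com
cn: Printers
groupType: -2147483646
"""

def parse_entries(ldif):
    """Split a simple LDIF export into one dict per entry (single-valued attrs)."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        pairs = (line.split(": ", 1) for line in block.splitlines() if ": " in line)
        entries.append({k: v for k, v in pairs})
    return entries

def group_scope(group_type):
    """Decode the scope from groupType, which AD stores as a signed 32-bit integer."""
    bits = int(group_type) & 0xFFFFFFFF
    return next((name for flag, name in SCOPES.items() if bits & flag), "Unknown")

def non_universal_jazz_groups(ldif):
    """Return (dn, scope) for every Jazz role group that is not Universal."""
    findings = []
    for entry in parse_entries(ldif):
        scope = group_scope(entry.get("groupType", "0"))
        if entry.get("cn") in JAZZ_GROUPS and scope != "Universal":
            findings.append((entry["dn"], scope))
    return findings

if __name__ == "__main__":
    for dn, scope in non_universal_jazz_groups(SAMPLE_LDIF):
        print(f"{scope:12} {dn}  -> convert to Universal")
```

Before converting a flagged Global group, check that it is not a member of another Global group, since Active Directory refuses the scope change in that case.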
