Community Tip - You can Bookmark boards, posts or articles that you'd like to access again easily! X
I created a new Group called "OrgAdmins" and added the group under "Administrators". I added few users into "OrgAdmins" group. now, when I login for the first time, my user is automatically removed from "OrgAdmins" group and I do not have access to perform any admin tasks.
Hi Varunraj,
Did you enable the Directory Service and did the group mapping?
Check it under Security->Directory Services->open the Directory Service you imported if it exists, check if it's enabled and then check the Configuration like Group Mappings.
Br,
Anna
Hi Anna,
Thanks for the reply. I just checked the AD and I have 2 active directory. one is enables(which is what I use) and another disabled (I disabled it intentionally). On the Configuration section of the enabled AD, I did not do any group mapping. when I just tried to do so, the AD group is disabled and doesnot show any group.
I have configured ThingWorx such that all users in my organization can login to ThingWorx.And then I will grant access by adding them to specific groups. pls suggest if any thing is wrong?
Hi Varunraj,
When your AD server is connectable, try to run GetDomainGroups service under your directory service, and then go back to Configuration tab, you should configure the Group mapping then. Give a correct mapping(especially the one you logged in with ) and try again. If not work also you could try to disable Directory service to see if the issue is gone to check if it's relevant to the Directory service.
Thanks,
Br,
Anna
Hi Anna,
I just tried as you suggested. When the AD is disabled, I am able to login with the user and could see all access as defined. But the moment i enable AD, I get removed from groups.
Also, when I execute the GetDomainGroups service, I get an error "Unable to Invoke Service GetDomainGroups on StrykerGlobalActiveDirectory : Unbalanced parenthesis"
Below is the screen shot of my AD configuration.
Hi Varunraj,
Not quite sure but it seems like you are not well connected to the AD server or the search filter is not correct.
Could you check if you set the Distinguished Name correctly? On my side, I set the User Base Distinguished Name like:
CN = Users,DC=demo2005,DC=myentreprise,DC=com
Thanks,
Br,
Anna
Hi Anna,
in my case the "User Base Distinguished name" is "DC=myentreprise,DC=com"
Hi Varunraj,
Please make sure you have correctly configured it according to your LDAP directory structure.
Here is snapshop from my side:
My users/group are contained under Users folder.
So my Domain Distinguished Name and User Base Distinguished Name is CN=uSERS,DC=demo2003,DC=entreprise,DC=com
Just for your reference.
Thanks,
Br,
Anna
Hi Anna,
Thanks for that input. I have kept the "User Base Distinguished Name" simlor (DC=entreprise,DC=com) to Windchill server configuration and in Windchill it works well without any issue. I will still check with the AD team to see if i am making any mistake.
Anna,
in my company we have multiple OU's under the "DC=entreprise,DC=com" where users are managed. so I cannot give a single OU (like cn=Users) as defined by you. Pls help.