Creating Security Groups in Active Directory

Default CloudControl rules are created by mapping existing user groups in AD to default roles in CloudControl when CloudControl is converted to Directory Service mode. In a complex environment with a large number of administrators, it is common to create unique AD group names that correspond to each of the CloudControl default roles. At a minimum, one AD security group must be mapped for the AD conversion to be successful. For example, you could map SuperAdmin to the ASC_SuperAdmin role. AD group names do not need to follow the CloudControl naming convention.

You can retrieve the necessary Active Directory users and group information with ReadOnly privileges.

Perform the following to create the CloudControl security groups in AD:

1. Create a security group for each CloudControl role described in Default Roles and Permissions.

2. For each group, assign the Group scope to Global and the Group type to Security.

   CloudControl supports security groups with domain local, domain global, and/or universal scope. Check with your AD administrator to confirm the proper setting for your environment.