Viewing your Active Directory Settings

The Primary Authentication page displays all the information for your Active Directory configuration. All of the information can be modified.

Note: If you have configured two Active Directories, only one is shown at a time. Use the Active Directory drop-down at the top right to select the Active Directory that you want to view. The Active Directory with a star is the default identify source.

All user names are normalized in the format <name>@<domain> before they are displayed in the CloudControl GUI.

Note: If you modify any information on a tab, you must click Apply to save your changes before you view a different tab. Otherwise CloudControl will prompt you to save or discard your changes, or cancel changing tabs.

Service Account tab

Displays the current service account used to integrate with Active Directory.

To modify, enter the new service account and the password, reconfirm the password, and click Apply.

Domains tab

Displays the domain, the domain controllers, and the global catalogs used to find the users and groups for authentication purposes.

  • To modify your existing settings, click the domain link, or select the domain and click the Edit button.

  • To add a new domain, domain controller and global catalog, click the Add button.

When finished making changes, click Apply.

ASC_SuperAdmin Role Mapping tab

  • Displays the information for the ASC-SuperAdmin role. To update the role mapping, you must update the Root trust manifest. See About Access Control Policies.

    • Advanced tab

    Displays the following: 

    • User-To-Group Map Cache Timeout (minutes)—Configures how long CloudControl will cache the mapping of group memberships for a user before freshly discovering the mappings from the directory service. Valid entries are from 1 minute to 1440 minutes.

      We recommend that you use the default value of 5 minutes.

    • Enable Nested Group Search—When disabled, CloudControl discovers only direct group memberships. When enabled, CloudControl builds a list of both direct and nested group memberships by searching recursively within any nested groups that are used in any existing Rules.

      The default setting is enabled. Leave set to enabled if you have nested groups in your Directory Service or in any existing Rules and require recursive searching.

      If recursive searching of nested groups is not required, you can disable this to improve query efficiency.

      Select Refresh > Refresh User-to-Group Map Cache to force change updates in between your scheduled User-to-Group Map Cache Timeout. This allows you to set a longer cache period and manually refresh when needed.

    • Nested Group Map Cache Timeout (minutes)—If Enable Nested Group Search is enabled, this configures how long CloudControl will cache recursive group memberships (groups that are contained within other groups) that are used in existing Rules before freshly discovering the mappings from the directory service. Valid entries are from 10 minutes to 1440 minutes, and the default value is 60 minutes.

      Select Refresh > Refresh Nested Group Map Cache to immediately refresh the nested group map cache.

    • Domain Controllers Status Refresh Interval (minutes)—Configures how long CloudControl will cache the domain controller status before freshly discovering the status from the directory service. Valid entries are from 1 minute to 525600 minutes, and the default is 1440 minutes.

      Select Refresh > Run Domain Controller Status Refresh to immediately refresh the domain controller status.

    • Discovery Service Refresh (minutes)—For Automated Discovery only, specify the time interval in minutes at which Active Directory settings will be re-discovered. Valid entries are from 30 minutes to 525600 minutes, and the default is 1440 minutes.

    • Select Refresh > AD Configuration Refresh to force the system to search for new domain controllers and global catalogs for existing domains.

    Actions menu

    On the Actions menu, you can select one of the following: 

    • Actions > Change to Manual Mode—If you are in Automated Discovery mode, allows you to change to manual mode.
    • Actions > Change to AD Mode—If you are in manual mode, allows you to change to Automated Discovery mode.
    • Actions > Reconfigure Active Directory—Allows you to completely change your AD settings.
    • Actions > Add Active Directory—Allows you to configure a second Active Directory. The limit is 2.
    • Actions > Remove Active Directory—If you have two Active Directories, you can remove one of them. The current Active Directory shown in the Authentication window is the one that will be removed.