Manualshelf

Developers Guide

ManualsBrandsDell ManualsConverged InfrastructureStorage Solution Resources
11121314151617181920
19 Dell EMC SC Series and Active Directory Integration | CML1135
A global group can contain users, computers and groups from the same domain, but not universal groups. A
global group can be a member of global groups of the same domain, domain local groups, or universal groups
of any domain in the forest or trusted domains.
A domain local group can contain users, computers, global groups, and universal groups from any domain
in the forest and any trusted domain, and domain local groups from the same domain. Domain local groups
can be a member of any domain local group in the same domain.
A user in a child domain can gain access to the SC Series array by being a member of a parent domain group
that has access, or by being a member of a local child domain group that is a member of a parent domain
group that has access. In this configuration, the parent domain group should be set to domain local because a
global group cannot contain domain local or global groups from a child domain.
A user in a trusted domain can gain access to the SC Series array by being a member of a local domain
group that has access, or by being a member of group on the trusted domain that is a member of the local
domain group that has access. In this configuration, the local domain group should be set to domain local.
The local domain group cannot be a global group because global groups cannot contain cross-domain
members. Groups on the trusted domain should be created as global.
4.2.2 Account and group deletion
When an Active Directory user account is deleted, access to the SC Series array (whether access was
granted directly or through group membership) is lost. The corresponding SC Series user account must be
manually deleted.
When an Active Directory group is deleted, all the users of that AD group lose access to the SC Series array,
unless the users have access granted directly. The group mapping and all user accounts that were part of
that group must be manually deleted from the SC Series array.
4.2.3 Disabled or locked out accounts
Active Directory user accounts with access to the SC Series array (either directly or by group membership)
will be unable to log in to the SC Series array if the user account is disabled or locked out in Active Directory.
Access to the SC Series array is regained when the account is enabled.