Enabling Active Directory account access
You can use the security login create command to enable Active Directory (AD) user or group accounts to access an admin or data SVM . Any user in the AD group can access the SVM with the role that is assigned to the group.
Before you begin
The cluster time must be synchronized to within five minutes of the time on the AD domain controller.
You must be a cluster administrator to perform this task.
About this task
You must configure AD domain controller access to the cluster or SVM before the account can access the SVM .
Refer to Configuring Active Directory domain controller access.
You can perform this task before or after you enable account access.
If you are unsure of the access control role that you want to assign to the login account, you can use the security login modify command to add the role later.
For complete command syntax, see the worksheet Creating or modifying login accounts.
Example
The following command enables the AD cluster administrator account DOMAIN1\guest1 with the predefined backup role to access the admin SVM engCluster .
cluster1::>security login create -vserver engCluster -user-or-group
-name DOMAIN1\guest1 -application ssh -authmethod domain -role backup
The following command enables the SVM administrator accounts in the AD group account DOMAIN1\adgroup with the predefined vsadmin-volum role to access the SVM engData .
cluster1::>security login create -vserver engData -user-or-group
-name DOMAIN1\adgroup -application ssh -authmethod domain -role vsadmin-
volume
After you finish
If you have not configured AD domain controller access to the cluster or SVM , you must do so before the account can access the SVM .
Refer to Configuring Active Directory domain controller access.