Warning
Potential for Data Loss: The steps detailed in the resolution of this article may result in a loss of critical data if not performed properly. Before beginning these steps, make sure all important data is backed up in the event of data loss. If you are unsure or unfamiliar with any complex steps detailed in this article, please contact Product Support for assistance.
Issue
Note: To enable Windows Authentication login in Security Expert, the following are required:
- SX-AD-USR: Active Directory User Integration License.
- During Security Expert installation, "Enable Windows Authentication on Data Service / Client Communications" must be enabled.
- In Security Expert Client: enable "Use Windows Authentication", found in the Global | Operators | Configuration section.
A site has the domain abc.xyz.com (where ABC is the domain and XYZ is the sub-domain).
When Windows Authentication is enabled, users on the sub-domain (i.e. XYZ\username) are not visible in AD Search (found in Security Expert Client: Global | Operators | Username field | ellipsis [...]). Because of this, it is not possible to directly connect operators with AD sub-domain users.
Product Line
EcoStruxure Security Expert
Environment
Security Expert Server
Cause
This behavior is by design in Active Directory. The Search feature for Active Directory users has the same visibility as the machine it is installed on. In this case, the machine was joined to the ABC domain, so ABC is the domain Security Expert is able to pull information from. XYZ sub-domain users might have permission to access the ABC domain, but they are not on that domain. Therefore, Security Expert can't search for them.
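The cause above can be confirmed from the Security Expert server with the following PowerShell check. It is an added example, not Schneider Electric code: it reports the domain the machine is joined to and whether the operator's account exists in that domain's directory. The default value `XYZ\username` is the sample account from this article, and the script assumes it is run by a domain user with read access to the directory.

```powershell
# Added diagnostic example; run on the Security Expert server.
# $Operator defaults to the article's sample account; pass the real one.
param(
    [string]$Operator = 'XYZ\username'
)

# Split DOMAIN\username into its two parts.
$requestedDomain, $sam = $Operator -split '\\', 2
if (-not $sam) { throw "Expected DOMAIN\username, got '$Operator'" }

# Domain this machine is joined to (the scope AD Search can see).
try {
    $machineDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
} catch {
    throw "This machine is not joined to a domain: $($_.Exception.Message)"
}

# Escape LDAP filter metacharacters so the account name is treated as data.
$safeSam = [regex]::Replace($sam, '[\\*()\x00]',
    { param($m) '\{0:x2}' -f [int][char]$m.Value })

# Look for the account in the machine's own domain only.
$searcher = New-Object System.DirectoryServices.DirectorySearcher(
    $machineDomain.GetDirectoryEntry())
$searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safeSam))"
$searcher.SearchScope = 'Subtree'
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
$hit = $searcher.FindOne()

# Summary: FoundInMachineDomain = False means AD Search will not list the user.
[pscustomobject]@{
    Operator             = $Operator
    RequestedDomain      = $requestedDomain
    MachineDomain        = $machineDomain.Name
    ChildDomains         = ($machineDomain.Children | ForEach-Object Name) -join ', '
    FoundInMachineDomain = [bool]$hit
    DistinguishedName    = if ($hit) { $hit.Properties['distinguishedname'][0] } else { $null }
}
```

If `FoundInMachineDomain` is `False` while the account logs in normally as `XYZ\username`, the account lives outside the machine's domain and one of the solutions below applies.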
Resolution
Security Expert, the machines and the users must be on the same domain:
Solution 1:
Manually adjust the domain on the login page, for example: "XYZ\username"
- The XYZ sub-domain users must have ABC privileges.
Solution 2:
Create duplicate users on the ABC domain
- This is a temporary solution because you will be left with duplicate users.
Solution 3:
Change the domain structure in Active Directory so that the users, workstations and Security Expert client/server are all on the same domain.