Hi,
on the team screen when I click the “Add Active Directory group” button I can find some, but not all active directory groups in our domain. I read somewhere on here that this has to do with pointing at the wrong domain. We only have one domain though and even if we had more than one how could I point it to a specific one?
Hi,
Thanks for getting in touch! Since all of your groups exist within the one domain, I suspect it’s a permission issue with your service account user. Can I ask a few questions about your environment?
Does the user that is running the Octopus service have the ‘Read all properties’ permission in Active Directory?
Do you notice any correlation between the groups you do find and those you don’t? (For example, are different groups in different organizational units?)
Additionally, we have a couple PowerShell scripts in our Troubleshooting AD integration doc page designed to help troubleshoot these kinds of issues. The second script in this section duplicates the logic Octopus uses to find groups when adding to an Octopus team. Run that as your same service account user.
To answer your last question, Active Directory calls are made on behalf of the service account user that is running Octopus. If you want to give access to users or groups in another domain, you would need to configure a trust relationship between the two.
Kind regards,
Kenny
Hi Kenneth,
I think it doesn’t pick up groups with type “Distribution”, but only “Security”. This is probably intentional.
Thanks,
Jann
Hi Jann,
Thanks for following up. You’re right, this is intentional. We only use Security groups for controlling access permissions.
Let me know if you have any further questions!
Kenny