I’m trying to set up Octopus to use our Active Directory groups to manage team memberships. We can all successfully authenticate, and I can add groups to a team so things are going pretty well. But the group permissions don’t actually work for any nested groups.
I ran this code snippet from an Octopus help article and it is throwing an error enumerating the groups returned by GetAuthorizationGroups
:
System.Runtime.InteropServices.COMException: The specified directory service attribute or value does not exist.
If I run that script as a Domain Admin then everything works perfectly. I take that to mean that the user I’m running Octopus as is missing some permissions. But which ones? Which permissions does the Octopus user need to get groups via GetAuthorizationGroups
?