Setting up AD Group permissions

How are the users authenticating? If these are domain accounts users will need to specify their login credentials in the domain\username format.

I'm going with aLTeReGo on this one, but jumping ahead, MAKE SURE they login with:

domainname\username

...or...

username@domainname

AD has the concept of a Security Group and a Distribution Group.  When you casually look @ a group you typically can't tell which type of group it is.

I believe NPM only uses AD Security Groups for Authentication.  You might want to have a look inside AD or ask your AD administrator what kind of group was created for your Data Center team.

Chris

Further to AD groups, I've done some recent testing and am pretty sure that the AD groups you use need to be "security" groups and not "Distribution" groups.

If you need to explore this by yourself here are some things that might be helpful

• If your server is part of an AD group, there usually is a copy "Active Directory Users and Groups" in the "Admin Tools" menu.  This will let you wander around AD (with user level privs) to see what is there.
  
• when looking at groups, this is what to look for:
  • A Security group (Useful)
    • 
  • A Distribution group (Useless)
    • 
• Identify a user you want to give the special privs to.
  • Find their account in AD
  • Find out what groups they belong to by looking at the "member of" tab then start looking for a small enough security group that they belong to
  • 
• When adding AD users / groups in NPM, there are blocks of text at the top of the pages. They are REALLY worthwhile to read.
• If you are experimenting with a user's access in NPM, Use yourself as the test case. It impacts less people.
• Build yourself a backup account in case you completely lock yourself out of NPM. I create a NPM db account named cgregorsbackup with my favorite obscure password. just in case.
• DO NOT grant anything other than basic privileges to the AD group DOMAINNAME\Domain Users

I came across this issue and through troubleshooting was under the impression that it might be Global security groups vs. Universal security groups, Universal Security groups were not working for me.  I then changed the group type for my SOLARWINDS_READ security group that I was trying to use and it did not work.  I tried another Global security group and it worked.  I removed the SOLARWINDS_READ group from Solarwinds groups and re-added it, it was then working.  I changed the SOLARWINDS_READ group back to a Universal security group and it still seems to be working.  I removed and re-added it yet again as a Universal group and it is still working.

Moral of the story is, try just removing the group from Solarwinds and re-adding it.