Importing AD User Groups

You must specify Group settings in the AD module before you can import groups from the AD server. See AD Group Settings.

After making a change to imported groups or users, you must synchronize the AD user groups you changed so that the imported groups are mapped to the appropriate groups on AD and synchronize all AD modules to synchronize all groups and users in all modules. See Synchronize All User Groups with AD and Synchronize All AD Modules.

You can import nested groups from AD.

Note: Make sure that you have configured the CC-SG DNS and Domain Suffix in Configuration Manager before attempting to import AD user groups. See Advanced Administration.

• To import AD user groups:

1. Choose Administration > Security.
2. Click the Authentication tab. All configured Authorization and Authentication Servers appear in a table.
3. Select the AD server whose AD user groups you want to import.
4. Click Import AD User Groups to retrieve a list of user group values stored on the AD server. If any of the user groups are not already on the CC-SG, you can import them here and assign them an access policy.
5. Select the groups you want to import to CC-SG.
   • Imported user group names can include up to 64 characters.
   • To search for user groups, type a search string in the Search for User Group field, and then click Go.
   • Click a column header to sort the list of user groups by the information in that column.
   • Click Select all to select all user groups for import.
   • Click Deselect all to deselect all selected user groups.
6. In the Policies column, select a CC-SG access policy from the list to assign the policy to the selected group.
7. Click Import to import the selected user groups.

Tip: To check that the group imported properly and to view the privileges of the group just imported, click the Users tab, then select the imported group to open the User Group Profile screen. Verify the information in the Privileges and Device/Node Policies tab. Click the Active Directory Associations tab to view information on the AD module associated with the user group.