Hello,
I am using APM 10.7 pointing to EEM which refers to two AD nodes.
I would like to setup APM so that the user administration is left to Active Directory team.
I mean that I want to define groups and policies in EEM so that every user in a certain AD group can be an Administrator and other users in a different AD Group are Guests: in a nutshell I do not want to add/remove users in EEM Groups.
So I worked as I used to do with another product (Autosys): I defined an Application Group and then a Dynamic group linked to an AD Group.
Then I modified the Domain access policy so that users in that Dynamic Group are "Administrator" for a certain domain.
My userid is in that AD Group but if I try to login to Workstation I get an error: "user has no read permission on any domain" (authentication step is successful, authorization is not).
If I add manually my Userid in the Dynamic Group I can login without any problem. Of course this is not a solution as the group is no more "dynamic".
Note that in both cases if I look at my userid I see that I am in the Dynamic Group that I defined, same access policy for Domain.
So... it seems that all the policies are Ok but userid is not checked in the AD Group that I added to the Dynamic Group.
Any idea?
Thanks, Giuseppe