You can pick what devices etc a AD user has access to, however you cannot setup someone to be a full Administrator with access to the Setup Menu etc. At least as far as I can tell. Am I missing something?
Active Directory Integration does not allow creating of Full Administrators
you're right: AD users cannot be full PRTG System Administrator users. This is by design, as PRTG administrators should always be able to log in to PRTG, even if a connection the Active Directory should fail. Usually, the number of full PRTG administrator users is small, so we think this is an acceptable solution.
This would be nice to have. That way we can manage all the servers in AD. Maybe allow AD users to be added to multiple groups.
I don´t think that it is an argument that the AD can be offline, for this case you ever have one lokal account for emergency. But for dayly work FULL AD integration including the posibility of discerning use is higly recommended.
we will discuss this again and might make some changes.
I agree with the other comments.
To not have the ability for AD users to be a full administrator, greatly diminishes the usefulness of AD integration.
I currently have two accounts, one AD and one PRTG because the AD user can't look at or modify:
- Notifications that were setup by other users
- Schedules that were setup by other users
- User Accounts or Groups
- System Status
- Cluster setup or Status
- Probe configuration or installation
- Notification Delivery
- Any of the System or Website settings
In other words, AD integration is useful for people who are watching the monitoring, but for those of us who need to administer PRTG it's useless.
I love PRTG, but I just wish the AD integration had been thought out a little more thoroughly.
Changes to this are considered and in the pipeline. Please bear with us.
This feature will be very usefull, many other systems have this feature. Can you estimate the implementation date?
That's actually available as of Yesterday with version 9.1.6:
- New: [Core] You can now promote users of any PRTG user group to admins (this is an user group setting, if enabled all users of a group are admins). This means that you can now also manage PRTG admins in the Active Directory, too, by creating an AD based group in PRTG and giving this group admin rights https://www.paessler.com/prtg/prtg9history
This new update (188.8.131.522) is nice, but how does PRTG know what organizational unit (OU) to use to put users in?
USER1 is in IS Dept (primary) USER1 is also in NOC and many others...
USER2 is also in IS Dept USER to is also in NOC (primary) and many others...
I want to give the IS Dept admin rights, but when USER1 logs in to PRTG it puts them in the NOC group. Then I don't want USER2 to have admin rights but PRTG puts them in the IS Dept group.
If you want to give USER1 admin rights and USER2 not, then you have to make sure that the PRTG User Group which grants the admin rights contains USER1 and not USER2. This means also that the AD Group associated with this 'Admin' PRTG User Group has to contain USER1 and not USER2. If there is no AD Group in your company reflecting this, you have to create a new AD group and organize membership to this group accordingly. If you create several PRTG user grops with AD associations, a PRTG user will get membership to all these groups as long as its AD account is a member of the associated AD group. In PRTG he gets then the rights of all PRTG user groups where he is a member and if one of them grants admin rights that means he has admin rights no matter what other group memberships exist.
Hope that helps, it is pretty straighforwand. Of course PRTG cannot guess what to do, it can only reflect group memberships from the AD in its own user groups and then you have to set the rights of these prtg user groups so they behave like you want in PRTG.