You can pick what devices etc a AD user has access to, however you cannot setup someone to be a full Administrator with access to the Setup Menu etc. At least as far as I can tell. Am I missing something?
Active Directory Integration does not allow creating of Full Administrators
Votes:
0
10 Replies
Accepted Answer
Votes:
0
Dear Geoff,
you're right: AD users cannot be full PRTG System Administrator users. This is by design, as PRTG administrators should always be able to log in to PRTG, even if a connection the Active Directory should fail. Usually, the number of full PRTG administrator users is small, so we think this is an acceptable solution.
Created on Oct 4, 2011 11:03:15 AM by
Last change on Oct 5, 2011 8:16:23 AM by
Votes:
0
we will discuss this again and might make some changes.
Created on Oct 27, 2011 9:14:27 AM by
Votes:
0
I agree with the other comments.
To not have the ability for AD users to be a full administrator, greatly diminishes the usefulness of AD integration.
I currently have two accounts, one AD and one PRTG because the AD user can't look at or modify:
- Notifications that were setup by other users
- Schedules that were setup by other users
- User Accounts or Groups
- System Status
- Cluster setup or Status
- Probe configuration or installation
- Notification Delivery
- Any of the System or Website settings
In other words, AD integration is useful for people who are watching the monitoring, but for those of us who need to administer PRTG it's useless.
I love PRTG, but I just wish the AD integration had been thought out a little more thoroughly.
Last change on Dec 7, 2011 9:08:59 PM by
Votes:
0
Changes to this are considered and in the pipeline. Please bear with us.
Created on Dec 7, 2011 9:09:19 PM by
Votes:
0
That's actually available as of Yesterday with version 9.1.6:
- New: [Core] You can now promote users of any PRTG user group to admins (this is an user group setting, if enabled all users of a group are admins). This means that you can now also manage PRTG admins in the Active Directory, too, by creating an AD based group in PRTG and giving this group admin rights https://www.paessler.com/prtg/prtg9history
Created on Dec 16, 2011 9:46:51 AM by
Votes:
0
If you want to give USER1 admin rights and USER2 not, then you have to make sure that the PRTG User Group which grants the admin rights contains USER1 and not USER2. This means also that the AD Group associated with this 'Admin' PRTG User Group has to contain USER1 and not USER2. If there is no AD Group in your company reflecting this, you have to create a new AD group and organize membership to this group accordingly. If you create several PRTG user grops with AD associations, a PRTG user will get membership to all these groups as long as its AD account is a member of the associated AD group. In PRTG he gets then the rights of all PRTG user groups where he is a member and if one of them grants admin rights that means he has admin rights no matter what other group memberships exist.
Hope that helps, it is pretty straighforwand. Of course PRTG cannot guess what to do, it can only reflect group memberships from the AD in its own user groups and then you have to set the rights of these prtg user groups so they behave like you want in PRTG.
Created on Dec 29, 2011 11:06:24 AM by
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Add comment