What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Active Directory Integration does not allow creating of Full Administrators

Votes:

0

You can pick what devices etc a AD user has access to, however you cannot setup someone to be a full Administrator with access to the Setup Menu etc. At least as far as I can tell. Am I missing something?

active-directory security user-accounts

Created on Sep 30, 2011 6:23:00 PM



10 Replies

Accepted Answer

Votes:

0

Dear Geoff,

you're right: AD users cannot be full PRTG System Administrator users. This is by design, as PRTG administrators should always be able to log in to PRTG, even if a connection the Active Directory should fail. Usually, the number of full PRTG administrator users is small, so we think this is an acceptable solution.

Created on Oct 4, 2011 11:03:15 AM by  Daniel Zobel [Product Manager]

Last change on Oct 5, 2011 8:16:23 AM by  Aurelio Lombardi [Paessler Support]



Votes:

0

This would be nice to have. That way we can manage all the servers in AD. Maybe allow AD users to be added to multiple groups.

Created on Oct 4, 2011 10:43:42 PM



Votes:

0

I don´t think that it is an argument that the AD can be offline, for this case you ever have one lokal account for emergency. But for dayly work FULL AD integration including the posibility of discerning use is higly recommended.

Created on Oct 26, 2011 4:05:21 PM



Votes:

0

we will discuss this again and might make some changes.

Created on Oct 27, 2011 9:14:27 AM by  Aurelio Lombardi [Paessler Support]



Votes:

0

I agree with the other comments.

To not have the ability for AD users to be a full administrator, greatly diminishes the usefulness of AD integration.

I currently have two accounts, one AD and one PRTG because the AD user can't look at or modify:

  1. Notifications that were setup by other users
  2. Schedules that were setup by other users
  3. User Accounts or Groups
  4. System Status
  5. Cluster setup or Status
  6. Probe configuration or installation
  7. Notification Delivery
  8. Any of the System or Website settings

In other words, AD integration is useful for people who are watching the monitoring, but for those of us who need to administer PRTG it's useless.

I love PRTG, but I just wish the AD integration had been thought out a little more thoroughly.

Created on Dec 7, 2011 8:02:52 PM

Last change on Dec 7, 2011 9:08:59 PM by  Torsten Lindner [Paessler Support]



Votes:

0

Changes to this are considered and in the pipeline. Please bear with us.

Created on Dec 7, 2011 9:09:19 PM by  Torsten Lindner [Paessler Support]



Votes:

0

This feature will be very usefull, many other systems have this feature. Can you estimate the implementation date?

Created on Dec 16, 2011 9:42:48 AM



Votes:

0

That's actually available as of Yesterday with version 9.1.6:

  • New: [Core] You can now promote users of any PRTG user group to admins (this is an user group setting, if enabled all users of a group are admins). This means that you can now also manage PRTG admins in the Active Directory, too, by creating an AD based group in PRTG and giving this group admin rights https://www.paessler.com/prtg/prtg9history

Created on Dec 16, 2011 9:46:51 AM by  Torsten Lindner [Paessler Support]



Votes:

0

This new update (9.1.6.1962) is nice, but how does PRTG know what organizational unit (OU) to use to put users in?

USER1 is in IS Dept (primary) USER1 is also in NOC and many others...

USER2 is also in IS Dept USER to is also in NOC (primary) and many others...

I want to give the IS Dept admin rights, but when USER1 logs in to PRTG it puts them in the NOC group. Then I don't want USER2 to have admin rights but PRTG puts them in the IS Dept group.

Created on Dec 28, 2011 9:30:29 PM



Votes:

0

If you want to give USER1 admin rights and USER2 not, then you have to make sure that the PRTG User Group which grants the admin rights contains USER1 and not USER2. This means also that the AD Group associated with this 'Admin' PRTG User Group has to contain USER1 and not USER2. If there is no AD Group in your company reflecting this, you have to create a new AD group and organize membership to this group accordingly. If you create several PRTG user grops with AD associations, a PRTG user will get membership to all these groups as long as its AD account is a member of the associated AD group. In PRTG he gets then the rights of all PRTG user groups where he is a member and if one of them grants admin rights that means he has admin rights no matter what other group memberships exist.

Hope that helps, it is pretty straighforwand. Of course PRTG cannot guess what to do, it can only reflect group memberships from the AD in its own user groups and then you have to set the rights of these prtg user groups so they behave like you want in PRTG.

Created on Dec 29, 2011 11:06:24 AM by  Roland Grau [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.