I am trying to understand the active directory and authorization best practice. Normally, I would take our AD group that contains everyone, lets call it "Company", and give them Read only access to the Root as the default so that everyone can view the whole tree.
I would then assign specific AD groups to specific App groups and/or devices that would have Read/write access.
What I am seeing is that when someone logs into the system, they are assigned the "Company" group as their primary group.
It seems once they are assigned that as their primary group, when they go into an app group where the AD app group is assigned for R/W access, it only allows them Read access.
Is this the way PRTG works with active directory?
What are my options for this? I want everyone to be able to see everything, but I want some groups to have R/W access to their area to be able to manage their own devices and alerts.