Hitachi Vantara Knowledge

Considerations for the information you need to supply

These considerations apply to the information you need to supply when configuring HCP support for AD:

  • Before configuring AD support in HCP:
    • Create an AD group in the target domain. Give the group permission to add members to itself. Then give the group these permissions in the specified OU:
      • Read all properties on descendant computer objects
      • Write all properties on descendant computer objects
      • Change password on descendant computer objects
      • Reset password on descendant computer objects
      • Delete on descendant computer objects
      • Create computer objects in this object and all descendant objects
      • Delete computer objects in this object and all descendant objects
    • Create an AD user account and add it to only that group. This is the user to specify as the domain user in the AD configuration in HCP.
    • If HCP is not joined to AD, you can still prepopulate the domain controller filter list.
  • Let HCP automatically create the new computer account that it uses to query AD for groups. Do not create this account ahead of time.
  • If you have more than one HCP system for which you are enabling support for AD, specify a computer account name that’s unique among those systems.
  • By default, for the OU in which computer accounts will be created, HCP uses CN=Computers. For the computer account, HCP uses HCPSrv-hcp-name (for example, HCPSrv-hcp), where hcp-name is the first segment of the domain name associated with the [hcp_system] network.
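The pre-configuration steps above, scripted as an added example (not from the HCP documentation). The domain, distinguished names, and the group and user names are placeholders chosen for illustration, and the Global group scope is an assumption. Granting the group permission to add members to itself is not scripted here.

```powershell
# Added example: all names, DNs and the domain below are placeholders.
Import-Module ActiveDirectory

$Domain      = 'EXAMPLE'                              # NetBIOS domain name (placeholder)
$TargetOU    = 'CN=Computers,DC=example,DC=com'       # where HCP will create its computer account
$AccountPath = 'OU=Service Accounts,DC=example,DC=com' # location for the group and user (placeholder)
$GroupName   = 'HCP-AD-Delegation'                    # hypothetical group name
$UserName    = 'svc-hcp-ad'                           # hypothetical domain user for the HCP AD configuration

# Create the group and the user that HCP will be configured with.
New-ADGroup -Name $GroupName -SamAccountName $GroupName `
    -GroupScope Global -GroupCategory Security -Path $AccountPath
$Password = Read-Host -AsSecureString -Prompt "Password for $UserName"
New-ADUser -Name $UserName -SamAccountName $UserName `
    -AccountPassword $Password -Enabled $true -Path $AccountPath
# Add the user to this group only. A new AD user also has Domain Users
# as its primary group by default; do not add any other memberships.
Add-ADGroupMember -Identity $GroupName -Members $UserName

$Trustee = "$Domain\$GroupName"

# Rights on descendant computer objects only (/I:S = sub-objects only).
$DescendantComputerRights = @(
    'RP;;computer',                  # read all properties
    'WP;;computer',                  # write all properties
    'CA;Change Password;computer',   # change password
    'CA;Reset Password;computer',    # reset password
    'SD;;computer'                   # delete
)
foreach ($Right in $DescendantComputerRights) {
    dsacls $TargetOU /I:S /G "${Trustee}:$Right"
    if ($LASTEXITCODE -ne 0) { throw "dsacls failed for '$Right'" }
}

# Create and delete computer objects in this object and all descendants (/I:T).
dsacls $TargetOU /I:T /G "${Trustee}:CCDC;computer"
if ($LASTEXITCODE -ne 0) { throw "dsacls failed for 'CCDC;computer'" }

# Review the resulting ACEs for the group. Nothing beyond the rights
# listed above should appear for this trustee.
dsacls $TargetOU | Select-String -SimpleMatch $Trustee
```

Scoping every ACE to the `computer` object type keeps the delegation from reaching user or group objects in the same container.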

 
