Step 5: Grant permissions to an AD user account

To join HCP with your AD domain, you can either create a new AD user account that inherits permissions from the AD group you created in Create an AD group, or you can use an existing AD user account and assign it permissions in the OU or CN in which you want HCP computer accounts to be created. HCP uses this AD user account only once during the AD join process and then never uses the AD user account again. HCP does not store AD user account credentials.

If you are creating a new AD user, follow the Creating a new AD user account and assigning it to your AD group procedure. 

If you are using an existing AD user account, follow the Configuring an existing AD user account for HCP management procedure.

Creating a new AD user account and assigning it to your AD group

To create a new AD user account and assign it to the AD group you created:

1. In the tree view in the left panel of the Server Manager window, right-click on the OU or CN in which you want to create the AD user account and select New > User from the dropdown menu.

The New Object - User window opens.

2. In the New Object - User window:

   - In the First name field, type a name for the user account (for example, HCP Admin).

   - In the User logon name field, type a username for the user account (for example, hcpadmin).

Then click on the Next button.

The display in the New Object - User window changes.

3. In the New Object - User window:

   - In the Password field, type a password for the user account.

   - In the Confirm password field, type the password again.

   - Deselect the User must change password at next logon option.

Then click on the Next button.

The display in the New Object - User window changes.

4. Click on the Finish button.

The list in the middle panel of the Server Manager window now includes the user account you just created.

5. Right-click on the new user account and select Properties from the dropdown menu.

The Properties window opens.

6. Click on the Member Of tab.

7. On the Member Of tab, click on the Add button.

The Select Groups window opens.

8. In the Enter the object names to select field, type the name of the group you created in Create an AD group. Then click on the OK button.

The AD user account inherits the permissions granted to the AD group you specify.

9. In the Properties window, click on the OK button to close the window.

Configuring an existing AD user account for HCP management

To grant HCP management permissions to an existing AD user account:

1. In the left panel of the Server Manager window, right-click on the OU or CN in which you want computer accounts for the HCP nodes to be created and select Properties from the dropdown menu.

The Properties window opens.

2. Click on the Security tab.

3. On the Security tab, click on the Advanced button.

The Advanced Security Settings window opens.

4. Click on the Add button.

The Select User, Computer, Service Account, or Group window opens.

5. In the Enter object name to select field, type the name of the AD user that is joining HCP to the AD domain. Then click on the OK button.

The Permission Entry window opens.

6. In the Permission Entry window:

   - In the Apply to field, select Descendant Computer objects.

   - Under Permissions, select the boxes in the Allow column for:

      - Read all properties
      - Write all properties
      - Delete
      - Change password
      - Reset password

Then click on the OK button.

7. In the Advanced Security Settings window, click on the Add button again.

The Select User, Computer, Service Account, or Group window opens.

8. In the Enter object name to select field, type the name of the AD user that is joining HCP to the AD domain. Then click on the OK button.

The Permission Entry window opens.

9. In the Permission Entry window:

   - In the Apply to field, select This object and all descendant objects.

   - Under Permissions, select the boxes in the Allow column for:

      - Create Computer objects
      - Delete Computer objects

Then click on the OK button.

10. In the Advanced Security Settings window, click on the OK button to close the window.

11. In the Properties window, click on the OK button to close the window.
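
To confirm the result of the procedure above, the following read-only PowerShell check (an added example, not part of the HCP documentation) reports whether each permission from steps 6 and 9 is present for the account and lists any entry that also allows changing the ACL or owner. It assumes the RSAT ActiveDirectory module is installed; the OU distinguished name and account name are placeholders, and the mapping of the two Apply to selections to the Descendents and All inheritance types is an assumption about how the dialog stores them.

```powershell
# Added example: read-only audit of the ACEs created by the procedure above.
Import-Module ActiveDirectory                # assumes the RSAT AD module is installed

$OuDn    = 'OU=HCP,DC=example,DC=com'        # placeholder: OU or CN for HCP computer accounts
$Account = 'EXAMPLE\hcpadmin'                # placeholder: AD user that joins HCP to the domain

$None      = [guid]::Empty                                  # "all properties" / no type filter
$Computer  = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'   # computer object class
$ResetPwd  = [guid]'00299570-246d-11d0-a768-00aa006e0529'   # Reset password extended right
$ChangePwd = [guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'   # Change password extended right
$R = [System.DirectoryServices.ActiveDirectoryRights]

# Allow ACEs on the container that name the account
$aces = @((Get-Acl -Path "AD:\$OuDn").Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow'
})

function New-Check($Name, $Right, $Obj, $Inh, $Scope) {
    [pscustomobject]@{ Name = $Name; Obj = $Obj; Inh = $Inh; Scope = $Scope
                       Right = [int][System.DirectoryServices.ActiveDirectoryRights]$Right }
}
$expected = @(
    New-Check 'Read all properties'     'ReadProperty'  $None      $Computer 'Descendents'
    New-Check 'Write all properties'    'WriteProperty' $None      $Computer 'Descendents'
    New-Check 'Delete'                  'Delete'        $None      $Computer 'Descendents'
    New-Check 'Change password'         'ExtendedRight' $ChangePwd $Computer 'Descendents'
    New-Check 'Reset password'          'ExtendedRight' $ResetPwd  $Computer 'Descendents'
    New-Check 'Create Computer objects' 'CreateChild'   $Computer  $None     'All'
    New-Check 'Delete Computer objects' 'DeleteChild'   $Computer  $None     'All'
)

# One row per expected permission; several rights may share a single ACE
$report = foreach ($e in $expected) {
    $hit = $aces | Where-Object {
        ([int]$_.ActiveDirectoryRights -band $e.Right) -eq $e.Right -and
        $_.ObjectType -eq $e.Obj -and $_.InheritedObjectType -eq $e.Inh -and
        $_.InheritanceType -eq $e.Scope
    }
    [pscustomobject]@{ Permission = $e.Name; Present = [bool]$hit }
}
$report | Format-Table -AutoSize

# Entries for the account that go beyond the list in steps 6 and 9
$risky = [int]$R::WriteDacl -bor [int]$R::WriteOwner
$aces | Where-Object { [int]$_.ActiveDirectoryRights -band $risky } |
    Select-Object ActiveDirectoryRights, InheritanceType, IsInherited
```

The script only reads the ACL. Permissions that reach the account through group membership, as in the first procedure, appear under the group's name rather than the account's.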


© 2016 Hitachi Data Systems Corporation. All rights reserved.