When Portal for ArcGIS is configured to use groups and users managed in Microsoft Active Directory and is in an environment with multiple domains in a single forest, it uses the Active Directory Global Catalog to obtain user and group information from all domains. However, Portal for ArcGIS will be unable to collect this information if it binds to a domain controller that does not also serve as a global catalog. For example, it might only return information about users and groups from the domain where Portal for ArcGIS resides.
If your Active Directory deployment includes multiple domain controllers, but not all domain controllers are configured as global catalog servers, you'll need to manually specify the domain controller used by Portal for ArcGIS. To do so, follow the steps below.
- Open the ArcGIS Portal Directory and log in as a member with administrative privileges. The URL to the ArcGIS Portal Directory has the format https://webadaptorhost.domain.com/webadaptorname/portaladmin.
- Click security > config > Update Identity Store.
- On the Update Identity Store page, copy and paste the following text into the User store configuration dialog box:
    {
      "type": "WINDOWS",
      "properties": {
        "userPassword": "secret",
        "isPasswordEncrypted": "false",
        "user": "mydomain\\winaccount",
        "userFullnameAttribute": "cn",
        "userEmailAttribute": "mail",
        "caseSensitive": "false",
        "domainControllerAddress": "[IP Address]"
      }
    }
- If the portal will leverage existing enterprise groups, copy and paste the following text into the Group store configuration dialog box:
    {
      "type": "WINDOWS",
      "properties": {
        "userPassword": "secret",
        "isPasswordEncrypted": "false",
        "user": "mydomain\\winaccount",
        "domainControllerAddress": "[IP Address]"
      }
    }
- Update the userPassword, user, and domainControllerAddress properties with the appropriate values.
- Click Update Configuration to save your configuration.
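Before pasting, the edited JSON can be checked for leftover template values and malformed escapes. The following is an added example, not Esri's code: the function name `check_store` and the sample values are assumptions, and it assumes `domainControllerAddress` holds an IP address, as the template's placeholder indicates.

```python
import ipaddress
import json

# Property names copied from the page's two templates.
USER_STORE_KEYS = {"userPassword", "isPasswordEncrypted", "user",
                   "userFullnameAttribute", "userEmailAttribute",
                   "caseSensitive", "domainControllerAddress"}
GROUP_STORE_KEYS = {"userPassword", "isPasswordEncrypted", "user",
                    "domainControllerAddress"}
# Template values that must be replaced before saving.
PLACEHOLDERS = {"userPassword": "secret", "user": "mydomain\\winaccount",
                "domainControllerAddress": "[IP Address]"}


def check_store(text, required_keys):
    """Return a list of problems found in one store configuration string."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # A single backslash in domain\account is an invalid JSON escape.
        return [f"not valid JSON: {exc.msg} at column {exc.colno}"]
    if not isinstance(cfg, dict) or not isinstance(cfg.get("properties"), dict):
        return ["expected an object containing a properties object"]
    problems = []
    if cfg.get("type") != "WINDOWS":
        problems.append('type must be "WINDOWS"')
    props = cfg["properties"]
    for key in sorted(required_keys - props.keys()):
        problems.append(f"missing property: {key}")
    for key, placeholder in PLACEHOLDERS.items():
        if props.get(key) == placeholder:
            problems.append(f"{key} still holds the template value")
    domain, sep, account = str(props.get("user", "")).partition("\\")
    if not (domain and sep and account):
        problems.append("user is not in domain\\account form")
    try:
        ipaddress.ip_address(props.get("domainControllerAddress", ""))
    except ValueError:
        problems.append("domainControllerAddress is not an IP address")
    return problems


# Constructed sample: the page's group store template, pasted unchanged.
TEMPLATE_GROUP = (r'{"type": "WINDOWS", "properties": {"userPassword": "secret", '
                  r'"isPasswordEncrypted": "false", "user": "mydomain\\winaccount", '
                  r'"domainControllerAddress": "[IP Address]"}}')
# Constructed sample: the same template with made-up replacement values.
FILLED_GROUP = (TEMPLATE_GROUP.replace("secret", "example-only")
                .replace(r"mydomain\\winaccount", r"corp\\svc_portal")
                .replace("[IP Address]", "192.0.2.10"))
```

An empty list means the text parsed and no template value remains; checking a group store string against `USER_STORE_KEYS` lists the user-only properties it lacks.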