Configuring the domain controller used by ArcGIS Server
When ArcGIS Server is configured to enforce security with users and roles managed in Microsoft Active Directory, it uses the Active Directory Global Catalog to obtain user and role information. However, ArcGIS Server will be unable to enforce security if it binds to a domain controller that does not also serve as a global catalog. For example, you may see the following error when attempting to view the User and Role tab in the Security module in Manager:
An error occurred while searching for [users\roles]: [IP Address]:3268
If your Active Directory deployment includes multiple domain controllers, but not all domain controllers are configured as global catalog servers, you'll need to manually specify the domain controller used by ArcGIS Server. To do so, follow the steps below. Alternatively, you may also use the ASP.NET membership provider for Active Directory by following the instructions in Using a Windows identity store that has nested groups.
- Open the ArcGIS Server Administrator Directory and log in with a user who has administrative permissions to your site. The URL to the Administrator Directory is formatted http://gisserver.domain.com:6080/arcgis/admin.
- Click security > config > updateIdentityStore.
- Copy and paste the following text into the User Store Configuration dialog box on the Operation - updateIdentityStore page.
{ "type": "WINDOWS", "properties": { "adminUserPassword": "[password]", "adminUser": "[domain]\\[user name]", "domainControllerAddress": "[IP Address]" } }
- Update the adminUserPassword, adminUser, and domainControllerAddress properties with the appropriate values.
- If you will be using built-in roles, skip to the next step. If you will be using Active Directory roles, copy and paste the text from Step 3 into the Role Store Configuration dialog box on the Operation - updateIdentityStore page.
- Click Update to save your configuration.
- Open ArcGIS Server Manager and log in with a user who has administrative permissions to your site.
- Click Security > Users. Verify that users from your Active Directory are displayed.