Forum / Devolutions Password Server - Support

RDMS AD Roles and User mapping behaviour

  • Create an Issue
  • Cancel

Hello,

we use RDMS Enterprise in Version: 4.0.7.0 on Windows Server 2016.

The RDM Client Version is: 12.0.8.0

Now i don't understand the behaviour of the RDMS- Server if i use AD- Groups as Roles.

I try to explain my problem:

1. I added a domain user "pobtest" (Active Directory)

2. The user pobtest is member of group: _GG_RDM_Access_NGA (img1.png)

3. I added the AD- group: _GG_RDM_Access_NGA in roles section of RDMS (img2.png)

4. The role: _GG_RDM_Access_NGA is associated with the security group: HotlineGroup1 in RDMS (img3.png)


Now i thought as soon as ad- user: pobtest logs on the datasource of rdms- server, the user is associated with the role: _GG_RDM_Access_NGA automatically.
But on my test, the AD- user: pobtest was automatically added in users- section of rdms, but have no association with the role: _GG_RDM_Access_NGA. (img4.png)

Why is the user pobtest not assoicated with the role: _GG_RDM_Access_NGA in RDMS?

We have 230 RDM- Clients and don't want to set the role- association of each client manually.

Maybe i missunderstand something or have a error in the AD- configuration.

Image 5 shows you the configuration of rdms in terms of database and domain.

Thank you for your help.

Best regards

Benedict Poppe

RDMS

img1.png
img2.png
img3.png
img4.png
img5.png
Clock3 yrs

Hello,

Could you please try to set the Administration credentials in the Domain tab of the Server Settings to see if it helps? You can use either a domain administrator account or a service account that has full read permission on the domain.

image

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

Hello Erica,

thank you for your answer.

I added administrator credentials in the Authentication->Domain- Section.

After that i deleted the AD- user "pobtest" in users- section of RDMS.

Then i started a new connection via RDM client software using AD- user: pobtest.
After that the user was automatically added in users- section. --> OK

If i now look in role: _GG_RDM_Access_NGA to check which members are member of the group, the checkbox "is member" is not set for the user "pobtest"
Is this behaviour normal? (img1)
In the bottom of Image 1 there is a hint: "These roles are our "Custom" roles. Do not confuse them with roles that are bound to AD groups."


In the RDM- Client i see, that "pobtest" was associated with role: "_GG_RDM_Access_NGA" --> Image 2
That is correct. "pobtest" sees only the sessions defined for role: _GG_RDM_Access_NGA --> OK

So, can i see the association of ad- groups and ad-users in rdms or not? Or only the association between users and custom roles?


Best regards


Benedict Poppe

RDMS

img1.png
img2.png
Clock3 yrs

Hello,

As per your image1, it is normal that the AD role doesn't show which users are members of this group. And also, only roles that are not created from an AD Group are shown in the Roles tab of the User Management dialog.

Normally, you can view the Ad Group of a user in File - My Data Source Information.

image

We have been able to reproduce your issue because the AD groups for a user are not displayed in that section.

A fix has been made internally. The fix should be available in the next release of RDM and DVLS.

Regrettably, the Support Department cannot provide an exact release date as the full process (Build – Quality Assurance – Release) is out of our control.

The Engineering Department is working diligently and they will publish the build as soon as they deem it acceptable for public release.

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs