- This line was added.
- This line was removed.
- Formatting was changed.
This procedure describes how to add Domain users to be used as login into the Automation Engine Pilot.
1. Steps to do on the domain controller
- The Automation Engine Server must be added in the active directory.
- On the Domain controller (=active directory), the BGSYSTEM user with the password of the Automation Engine Server must be present as a normal User.
To get Domain users working in the Pilot,
BGSYSTEM user must be able to retrieve the following information of the Pilot users from the domain controller:
- Does the account exist
- Is the password correct
- Is it a member of certain group
2. On the Automation Engine Server
If Windows domain users are to be granted access to Automation Engine Pilot functionality, they must be added to the BGUSERS or BGADMIN (administrator for the Pilot) Windows group.
To add a Windows domain user to the BGUSERS group, perform the following steps:
- Log in as User Administrator.
- Right-click My Computer icon on the desktop and click Manage.
- In the Computer Management window open the Computer Management (Local) > System Tools > Local Users and Groups items.
- Right-click the item Groups, select the BGUSERS group in the right pane and click Add to Group.
- In the BGUSERS Properties window, all the users belonging to the BGUSERS group will be displayed. Click Add….
- Click the Locations (1) button.
- Select the domain name (2) from this location.
- Type the user initials.
- Click the Check Names button.
You will see the complete user user name (username@domain).
- Click OK.
- Click Apply. You will see the new user.
You cannot add Domain groups in the BGUSERS and BGADMIN groups.
3. Test the new domain user
- Open the Pilot and test the new user.
- Login: user@domain. No dns suffix is required.
Before Automation Engine 12.1 if you log in with domain suffix, you can connect but will not have access rights. Checking the Users panel shows that the user is not logged in.
Since Automation Engine 12.1, you can login with a domain suffix.
In Suite 12 assembly1 when the netbios name was with a dot and a suffix, you cannot login (f.i. "name.com").
To check the netbios name of the server and the domain name, type the following command in the CMD window:
This issue is solved with HF 38. The new way to log on is Username@domain.suffixIf there are users from another domain as the Automation Engine,
4.1 Local users are working but domain users aren't
If you set debugging on LogonServer and when you log in, you get a message that the user is not in the BGUSERS or BGADMIN group.
On the Active Directory Server:
Active Directory Users and Computers: Go to View and enable the Advanced Features option.
User settings, security settings, Authenticated Users must have Read access.
- Read General Information and Read Group Membership must be on allow.
It's also possible that some domain users are working and others aren't because they have different security settings.
It is better to add, but the domain users that must be used for the Automation Engine Pilot in one group and change the security settings for this group.
4.2 It's working with domain users and after a while no users can connect!
- The only user that can log in is the domain user BGSYSTEM.
The bgmd log file has the message:
LogonServer 22 Nov 11:30:44.423 - Logon:failed SetCurrentUser (Exception of class BG_EThreadLogonTypeNotGranted
- Activate server is only a temporary solution.
Reason: The domain controller is resetting the local policies after some time
- The Activate Server adds correct settings in the local policy, User rights Assignment:
- Log on as batch
Following users must be present:
- “Administrators” - needed for the domain users.
- “BGADMIN” for the local admin user.
- “BGUSERS” for the local users, digi.