Esko Logo Back to Esko Support
Choose your language for a machine translation:


This procedure describes how to add Domain users to be used as login into the Automation Engine Pilot.


1. Steps to do on the domain controller

  • The Automation Engine Server must be added in the active directory.
  • On the Domain controller (=active directory), the BGSYSTEM user with the password of the Automation Engine Server must be present as a normal User.

To get Domain users working in the Pilot,

BGSYSTEM user must be able to retrieve the following information of the Pilot users from the domain controller:

  • Does the account exist
  • Is the password correct
  • Is it a member of certain group

2. On the Automation Engine Server

If Windows domain users are to be granted access to Automation Engine Pilot functionality, they must be added to the BGUSERS or BGADMIN (administrator for the Pilot) Windows group.

To add a Windows domain user to the BGUSERS group, perform the following steps:

  1. Log in as User Administrator.
  2. Right-click My Computer icon on the desktop and click Manage.
  3. In the Computer Management window open the Computer Management (Local) > System Tools > Local Users and Groups items.
  4. Right-click the item Groups, select the BGUSERS group in the right pane and click Add to Group.
  5. In the BGUSERS Properties window, all the users belonging to the BGUSERS group will be displayed. Click Add….
  6. Click the Locations (1) button.
  7. Select the domain name (2) from this location.

  8. Type the user initials.
  9. Click the Check Names button.

    You will see the complete user user name (username@domain).
  10. Click OK.
  11. Click Apply. You will see the new user.

You cannot add Domain groups in the BGUSERS and BGADMIN groups.

3. Test the new domain user

  1. Open the Pilot and test the new user.
  2. Login: user@domain. No dns suffix is required.

Before Automation Engine 12.1 if you log in with domain suffix, you can connect but will not have access rights. Checking the Users panel shows that the user is not logged in.

Since Automation Engine 12.1, you can login with a domain suffix.

If there are users from another domain as the Automation Engine,

  1. The second domain must be added in Advanced TCP/IP settings > DNS tab >Append these DNS suffixes

  2. The Firewall must be open to the domain trust:

    135/TCP/udp RPC Endpoint Mapper
    136 TCP/udp
    137 TCP/udp
    138 TCP/udp
    139 TCP/udp
    389/TCP/UDP LDAP
    636/TCP LDAP SSL
    53/TCP/UDP DNS
    88/TCP/UDP Kerberos
    445/TCP SMB
  3. The Domain trust must be set between the two domains.

4. Problems

4.1 Local users are working but domain users aren't

If you set debugging on LogonServer and when you log in, you get a message that the user is not in the BGUSERS or BGADMIN group.

On the Active Directory Server:

  • Active Directory Users and Computers: Go to View and enable the Advanced Features option.


  • User settings, security settings, Authenticated Users must have Read access.

  • Read General Information and Read Group Membership must be on allow.

It's also possible that some domain users are working and others aren't because they have different security settings.

It is better to add, but the domain users that must be used for the Automation Engine Pilot in one group and change the security settings for this group.

4.2 It's working with domain users and after a while no users can connect!

  • The only user that can log in is the domain user BGSYSTEM.
  • The bgmd log file has the message:

    LogonServer[6168] 22 Nov 11:30:44.423 - Logon:failed SetCurrentUser (Exception of class BG_EThreadLogonTypeNotGranted
  • Activate server is only a temporary solution.

 Reason: The domain controller is resetting the local policies after some time

  • The Activate Server adds correct settings in the local policy, User rights Assignment:
    Log on as batch job

Following users must be present:

  • “Administrators” - needed for the domain users.
  • “BGADMIN” for the local admin user.
  • “BGUSERS” for the local users, digi.
Article information
Applies to

Automation Engine

Last revised10-Jun-20
Problemlog Number