
Hurdles with Windows AD Authentication Configuration

Dear Team,
Please be informed that when we try to configure Windows AD Authentication, we are facing difficulties with various errors.
Kindly check and do the needful.

Process I followed:
Enabled WinAD Authentication
Gave AD Administration name and Default Domain name
Click update
Got Invalid group name, cannot find group (S-1-5-21-3132330154-158638298-2079404797-18577)
Click cancel
Gave SPN and other details
Click update
Got The Active Directory Authentication plugin does require valid global administration credentials in order to access Active Directory. Please specify administration credentials and try again.

Errors:
1. Invalid group name, cannot find group (S-1-5-21-3132330154-158638298-2079404797-18577) ?
We don't have any group named with (S-1-5-21-3132330154-158638298-2079404797-18577), verified in Query Builder.

2. The Active Directory Authentication plugin does require valid global administration credentials in order to access Active Directory. Please specify administration credentials and try again ?

We got to know that AD authentication will not continue if the AD account used to read the AD directory (service account\AD Administration Name) doesn't have read permissions on the Domain Controller.

Thanks
Ram


2 Answers

  • Posted on Jun 05, 2020 at 11:48 AM

    The AD administration account requires read and query rights to AD; furthermore, if you are dealing with multiple forests, the proper forest trust must be in place.

    When your group error occurs with an invalid SID, that would indicate you tried to add a group that no longer exists in AD.


  • Posted on Jul 23, 2020 at 11:45 AM

    Just remove the group from the AD plugin. If you are unsure which group, you can pull a list in query_builder with https://apps.support.sap.com/sap/support/knowledge/preview/en/2546772 and then Ctrl+F the SID.

    -Tim
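
The SID check that both answers point at can be scripted. This is an added example, not part of the original thread and not SAP tooling: it pulls domain SIDs out of pasted text (the error message or a Query Builder result) and asks Windows whether each one still maps to an account. The function names are hypothetical, the sample text is the error quoted in the question, and it assumes a domain-joined Windows host.

```powershell
# Added example (not from the thread). Paste the error text or query output here.
# Sample input: the error message quoted in the question.
$text = @'
Invalid group name, cannot find group (S-1-5-21-3132330154-158638298-2079404797-18577)
'@

function Get-SidFromText {
    param([string]$Text)
    # Domain account SIDs look like S-1-5-21-<3 domain sub-authorities>-<RID>
    [regex]::Matches($Text, 'S-1-5-21(-\d+){4}') |
        ForEach-Object { $_.Value } |
        Sort-Object -Unique
}

function Test-SidResolves {
    param([string]$Sid)
    $row = [pscustomobject]@{
        Sid = $Sid; DomainSid = $null; Rid = $Sid.Split('-')[-1]
        Account = $null; Status = $null
    }
    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        # Domain part of the SID: compare it with your own domain's SID to
        # see whether the group belongs to another domain or forest.
        $row.DomainSid = $sidObj.AccountDomainSid.Value
        $row.Account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
        $row.Status = 'Resolved'
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # Windows could not map the SID to any account, which is what a
        # deleted group or an unreachable/untrusted domain looks like.
        $row.Status = 'NotMapped'
    }
    catch {
        $row.Status = "Error: $($_.Exception.Message)"
    }
    $row
}

Get-SidFromText -Text $text |
    ForEach-Object { Test-SidResolves -Sid $_ } |
    Format-Table -AutoSize
```

A `NotMapped` row is a candidate for removal from the AD plugin's mapped groups; a `Resolved` row gives the group name to search for.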
