Troubleshooting Orion AD Issues

I cannot add AD users by entering the user ID and password.

AD users are not added by entering the user ID and password of the user you wish to add.

To add an AD user account, search for the user account using an authorized administrative account. See Create users based on existing Active Directory or local domain accounts.

I have added a user to an AD group with restrictions defined in Orion but the restrictions are not being enforced.

If a user is defined in Orion as an individual AD user, or is a member of multiple AD-authenticated groups, and is also a member of an AD group in Orion, the individual authentication takes precedence over the group. This might give the individual permissions they should not have.

To rectify this, remove the individual AD account from Orion. For group conflicts, Orion authenticates using the first valid group discovered.
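
The precedence rules above can be audited offline from an export of Orion accounts and AD group memberships. The following is an added example, not SolarWinds code: the `OrionAccount` record, the restriction labels and the sample accounts are assumptions constructed for illustration. Because the group discovery order is not defined here, multi-group matches with differing restrictions are reported rather than resolved.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OrionAccount:
    name: str                              # account name as defined in Orion
    kind: str                              # "individual" or "group"
    restrictions: frozenset = frozenset()  # labels of restrictions set on it

def audit(accounts, memberships):
    """Flag AD users whose enforced restrictions may differ from the intended ones.

    accounts: list of OrionAccount; memberships: {user: AD group names}.
    Returns {user: [(finding, [group account names])]}.
    """
    individuals = {a.name.lower(): a for a in accounts if a.kind == "individual"}
    groups = [a for a in accounts if a.kind == "group"]
    findings = {}
    for user, user_groups in memberships.items():
        member_of = {g.lower() for g in user_groups}
        matched = [g for g in groups if g.name.lower() in member_of]
        own = individuals.get(user.lower())
        notes = []
        if own:
            # The individual account wins, so a restriction that exists only
            # on a matching group account is not enforced for this user.
            lost = [g.name for g in matched if g.restrictions - own.restrictions]
            if lost:
                notes.append(("INDIVIDUAL_OVERRIDES_GROUP", lost))
        elif len({g.restrictions for g in matched}) > 1:
            # Several group accounts match and they differ: the result depends
            # on which valid group is discovered first, so list all of them.
            notes.append(("GROUP_ORDER_DEPENDENT", [g.name for g in matched]))
        if notes:
            findings[user] = notes
    return findings

# Constructed sample data, not taken from any real environment.
ACCOUNTS = [
    OrionAccount(r"CORP\alice", "individual"),
    OrionAccount(r"CORP\NOC-ReadOnly", "group", frozenset({"limit:EMEA-nodes"})),
    OrionAccount(r"CORP\Orion-Admins", "group"),
]
MEMBERSHIPS = {
    r"CORP\alice": [r"CORP\NOC-ReadOnly"],
    r"CORP\bob": [r"CORP\NOC-ReadOnly", r"CORP\Orion-Admins"],
    r"CORP\carol": [r"CORP\NOC-ReadOnly"],
}
```
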

The Active Directory or Local Domain Authentication dialog gives one of the following errors:

Login failure: unknown user name or bad password
Login failure: the user has not been granted the requested login type at this computer

Ensure that the account you are using has administrative rights within the AD tree you are searching.

Make sure you can access the tree from the domain you are currently in. Check for a bad password or a locked or expired account.

I can’t find where to add AD access for Network Atlas.

Network Atlas does not support AD authentication.

I have tried to configure Orion AD integration but the test login always takes me to the login.aspx screen.

Automatic browser login is controlled by a security setting on the browser. If your browser did not accept Orion setting this, you will have to change it manually. Make sure that both automatic logins from restricted zones and the automatic login switch are on.

For Internet Explorer, these settings are defined in Tools > Internet Options > Security > *Zone* > Custom Level > User Authentication > Logon. The option you are looking to enable is "Automatic logon only in Intranet zone" or "Automatic logon with current user name and password". The "Automatic logon only in Intranet zone" setting only works if the Orion web server is in the Local Intranet zone.