" The problem was defining the search DIT for matching the portal roles to Active Directory Groups. I'm working with a large corporation that has a large Active Directory. Well over a few thousand items between users, groups, and organization units. The login process was timing out because there were more than 1000 items in the search path for the AD groups. Once I restricted the search for groups to a specific branch of the AD hierarchy that had only a few entries I was able to log in. Another sympton was that the login took over 2 minutes before getting a failure message.
I've submitted an enhancement request to esri to improve the documentation on using AD with the portal. Right now it is really weak. The link you posted is a start but doesn't help a lot if you are new to AD. Dennis Geasan
"
Dennis:
I agree with your comment on documentation insufficiency. I don't have JXplorer or something similar. Not allowed to add Groups or Userids. Don't have any idea how this is supposed to verify a user against Active Directory, how it asks for or passes a password, how it lets me know if the user's group is admin or publisher. Can you tell me how you defined your groups and DIT search, and how you restricted the groups? Is a wildcard allowed? My security group is looking at me very suspiciously... (BTW, I have 9.3.1 if that makes a difference)
Thank you all. This forum is great!
Rachel Noon