Add a Windows-linked user group

To move Windows accounts from one domain to another, create Windows-linked user group accounts instead of individual Windows-linked user accounts. Windows-linked user group accounts, and the user accounts they contain, can move from one domain to another while keeping security permissions for the group accounts intact.
Add user groups from a Windows domain or workgroup to the FactoryTalk system to allow the user accounts in the group to access the FactoryTalk system. To modify the properties of a Windows-linked user group (for example, the group's name or which user accounts are group members), modify these properties in Windows.
When adding a Windows-linked user group account, all user accounts in the Windows user group have access to the FactoryTalk system. To prevent some users in a Windows-linked group from accessing the FactoryTalk system, create Windows-linked user accounts for those users, and set permissions to deny access to those user accounts.
Prerequisites
  1. Connect the computer to the Windows domain containing the user groups to add to the FactoryTalk Directory.
  2. Obtain these permissions in the User Groups folder in FactoryTalk Administration Console Explorer:
    • Common > Create Children
    • Common > List Children
    • Common > Read
To add a Windows-linked user group account
  1. In FactoryTalk Administration Console Explorer, expand System > User Groups.
  2. Right-click the User Groups folder, point to New, and select Windows-Linked User Group.
  3. In New Windows-Linked User Group, select Add.
  4. In Select Groups, select the Windows groups, and select OK.
    • If known, type the names of the user group accounts in the text box. For domain accounts, use the format DOMAIN\groupname; for workgroup accounts, use the format COMPUTERNAME\groupname. To validate the names, select Check Names. Correct any errors, and then select OK.
    • To search for groups by name or description, or to select multiple groups, select Advanced.
      1. In Select Groups, select Locations and select the domain or workgroup from which to select groups.
      2. Under Common Queries, complete the information with which to search the directory:
        • Name: Choose whether to search for a name that starts with the specified value or is an exact match to the specified value, and then type the search string.
        • Description: Choose whether to search for a description that starts with the specified value or is an exact match to the specified value, and then type the search string.
        • Disabled accounts: Select to include disabled accounts when searching.
        • Non expiring password: Select to include accounts that have passwords that never expire when searching.
        • Days since last logon: Specify to look for accounts based on how long it has been since the account successfully logged on.
      3. Select Find Now.
      4. In the list of groups, select the group accounts to add, and select OK to close Advanced Select Groups.
      5. The groups selected are listed under Enter the object name to select. Select Check Names to verify the names and then select OK to close Select Groups.
  5. In New Windows-Linked User Group, review the list of groups.
    • To remove any groups added unintentionally, select the groups, and select Remove.
    • To add more groups, repeat steps 3 and 4.
  6. Select OK.
    TIP: Use a password for all Windows accounts in a Windows-linked group, otherwise intermittent security failures or an inability to log on may occur. To follow good security practice, do not use blank passwords with accounts. To avoid using a password for Windows-linked accounts, on the local computer disable the Windows local security policy Accounts: Limit local account use of blank passwords to console logon only.
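Because every member of a linked Windows group gains access to the FactoryTalk system, it helps to review the group's effective membership before linking it. The following PowerShell script is an added example, not part of the original documentation; it assumes the ActiveDirectory module (RSAT) is installed, that all members are in the same domain as the group, and it uses a placeholder group name and a 90-day review threshold chosen for illustration.

```powershell
# Added example: review who would gain FactoryTalk access before linking a
# Windows domain group. Requires the ActiveDirectory module (RSAT).
# 'CONTOSO\FT_Operators' below is a placeholder group name (assumption).
Import-Module ActiveDirectory

function Get-LinkedGroupReview {
    param(
        [Parameter(Mandatory)]
        [string]$Group,        # DOMAIN\groupname, the format the dialog expects
        [int]$StaleDays = 90   # review threshold chosen for this example
    )

    # Split DOMAIN\groupname; Get-ADGroupMember expects the group name alone.
    $domain, $name = $Group -split '\\', 2
    if (-not $name) { throw "Use the format DOMAIN\groupname" }

    $cutoff = (Get-Date).AddDays(-$StaleDays)

    # -Recursive expands nested groups, so indirect members are listed too.
    # Assumption: members live in the same domain as the group.
    Get-ADGroupMember -Identity $name -Server $domain -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Server $domain `
                -Properties PasswordNotRequired, PasswordNeverExpires, LastLogonDate
            [pscustomobject]@{
                Account              = "$domain\$($u.SamAccountName)"
                Enabled              = $u.Enabled
                # This flag exempts the account from the password policy,
                # so the account may have a blank password.
                PasswordNotRequired  = $u.PasswordNotRequired
                PasswordNeverExpires = $u.PasswordNeverExpires
                LastLogonDate        = $u.LastLogonDate
                Stale                = (-not $u.LastLogonDate) -or
                                       ($u.LastLogonDate -lt $cutoff)
            }
        }
}

# List every effective member, flagged accounts first.
Get-LinkedGroupReview -Group 'CONTOSO\FT_Operators' |
    Sort-Object PasswordNotRequired, Stale -Descending |
    Format-Table -AutoSize
```

Accounts in the output that should not reach the FactoryTalk system can be handled as described above, with individual Windows-linked user accounts whose permissions deny access.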