Questions regarding Active Directory authentication

[fleitner]

Hello,

for a project I might need the Active Directory authentication. As I never used this feature on WinCC OA I started up the demo project, went into the User administration dialog and switched the setting from "Standard" to "Windows" in the hope that it then uses our corporate Active Directory.

After accepting the dialogs regarding the deletion of WinCC OA users the system just appears to hang (>1h). I let it run in the background and it eventually finished.

* Is there a restriction on the size of the Active Directory?
* Can I limit the groups to query from the AD, to speed up the process and to unclutter the group list.
* The user list contained only the root user. Is this normal, because I thought for every AD user a WinCC OA user is created?

Best regards
Frank

[kilianvp]

I had the same problem in the past.

* there is no restriction on the size of the Active Directory
* You can't create a filter
* the user gets created during the first login

If you have a bigger Active Directory you shouldn't use this feature.

[fleitner]

Hello Kilian,

thank you for your time and your answers.

I was worried about the empty user list, but it makes sense to only actually create the user in OA on login.
The AD of the customer is smaller than ours, perhaps it is 'small enough'. Otherwise implementing a user-defined authentication and using AD there (with filter) might be a viable way, albeit with more upfront effort.

Best regards
Frank