Solved

Organization units division

  • 26 April 2022

Hello community!

Our organization consists of one main AD domain, and several groups, faculties and institutes (i.e. departments).

At many of these sub-divisions we have backup admins who need to be in control of the backup of their machines (i.e. Tenant Admins).

Since Company is the only organizational unit in Commvault, my initial thought was to assign separate companies to the departments, but I have been unable to find a way to assign several Companies to the same identity server (Active Directory) with group separation.

Does anyone know any best practice/advice on how to divide a huge AD with lots of OUs and groups into a viable organization structure in Commvault?

 

Kjell Erik Furnes

 

 


Best answer by Jos Meijer 26 April 2022, 17:25


There is no simple way to use one identity server for multiple companies.

Normally, when you add an identity server to a company with assigned groups, all rights are inherited automatically by the members of the groups. As the company top-level relation is missing, you will get cosmetic errors, such as an Exchange DAG cluster reporting that not all subclient information could be loaded.

You can however force manual relations by editing the Operators for the company and adding the domain group combined with the Tenant Admin role for example.

At first logon they will receive this option where they can select their company:

 

Their dashboard will be the CommCell dashboard and not the company one, but they will have rights for only their clients.

They will also be able to manage their company.
I am sure there are some limitations, but for general backup and recovery they should be fine.
Combined with an AuthCode, they can install agents and assign them to their company without logging in with their own account in the installer.


Hello @Jos Meijer, thank you for your reply.

A separate authcode was one of the wins I was looking for, but I am a little reluctant to go for a “hack” to get this to semi-work.

 

So I think I will revert to the old ways using security roles and groups, and for now just accept the limitation of only one organization level.

 

Kjell Erik Furnes