Solved

Organization units division



Hello community!

Our organization consists of one main AD domain, and several groups, faculties and institutes (i.e. departments).

At many of these sub-divisions we have backup admins who need to be in control of the backup of their machines (i.e. Tenant Admins).

Since Company is the only organizational unit in Commvault, my initial thought was to assign separate companies to the departments, but I have been unable to find a way to assign several Companies to the same identity server (Active Directory) with group separation.

Does anyone know any best practice/advice on how to divide a huge AD with lots of OUs and groups into a viable organization structure in Commvault?

 

Kjell Erik Furnes

 

 


2 replies

Jos Meijer
Commvault Certified Expert
  • Answer
  • April 26, 2022

There is no simple way to use one identity server for multiple companies.

Normally, when you add an identity server to a company and assign groups, all rights are inherited automatically by the members of the groups. As the company top-level relation is missing, you will get cosmetic errors, for example an Exchange DAG cluster reporting that not all subclient information could be loaded.

You can, however, force manual relations by editing the Operators for the company and adding the domain group combined with the Tenant Admin role, for example.

At first logon they will receive this option where they can select their company:

 

Their dashboard will be the CommCell dashboard and not the company one, but they will have rights for only their clients.

They will also be able to manage their company.
I am sure there are some limitations, but for general backup and recovery they should be fine.
Combined with an AuthCode, they can install agents and assign them to their company without logging in with their own account in the installer.



Hello @Jos Meijer, thank you for your reply.

A separate authcode was one of the wins I was looking for, but I am a little reluctant to go for a “hack” to get this to semi-work.

 

So I think I will revert to the old ways using security roles and groups, and for now just accept the limitation of only one organization level.

 

Kjell Erik Furnes

