Configuring the Active Directory Domain Controller

To create or manage SOLIDWORKS PDM groups using Active Directory, Trusted for delegation must be enabled in Active Directory for the archive server computer account.

If the archive server uses Windows login, when the administrator manages users and groups in SOLIDWORKS PDM the archive server queries Active Directory for user and group information. As part of the query, Active Directory does an authentication challenge to ensure that the user has access rights.

For the authentication challenge to succeed when a client is run from a computer other than the archive server, delegation for the archive server computer account in Active Directory must be set to “Trust this computer for delegation.” When Active Directory asks for credentials, this setting lets the archive server computer account forward the client credentials for a user who is logged in to a different computer.

The Active Directory Users and Computers console is required to configure the Active Directory domain controller. Only a domain controller has the Active Directory Users and Computers console installed by default. If the archive server is not a domain controller, you must set up a Microsoft Management Console with the Active Directory Users and Computers snap-in before you perform this procedure.

To set delegation to trusted:

  1. Log in to the archive server computer as a member of the Domain Admins group or the Enterprise Admins group in Active Directory.
  2. Click Start > Control Panel > Administrative Tools > Active Directory Users and Computers.
  3. In the Active Directory Users and Computers dialog box, in the left pane, expand the domain controller and locate the computer account for the archive server.
    By default, computer accounts are kept in the Computers folder, but they can be located in other folders under the domain controller.
  4. In the right pane, right-click the account and click Properties.
  5. On the Delegation tab, select Trust this computer for delegation to any service (Kerberos only).
  6. Click OK.
  7. Close the Active Directory Users and Computers dialog box.