How to Integrate Arcserve UDP 7.0 with Active Directory Using Active Directory Groups

The role-based administration of Arcserve UDP 7.0 allows user-level permission where the Active Directory (AD) feature is not enabled by default. However, the WSO2 Carbon platform in Arcserve UDP 7.0 does not support AD groups that have secondary user store. You can enable the extension for Arcserve UDP 7.0 that configures the AD groups as Arcserve UDP roles and helps assign the permissions automatically for the members in the AD group.

Follow these steps:

1. Navigate to the following installation path of Arcserve UDP and open the carbon.xml file:
2. …\Program Files\Arcserve\Unified Data Protection\Management\IdentityServer\repository\conf\carbon.xml
2. From the carbon.xml file, disable the contents of HideMenuItemIds using <!-- and --> as displayed in the screenshot below.
3. 
3. Save the carbon.xml file and restart the Arcserve UDP Management service.
4. Open the user management console using the following link:
5. https://localhost:8015/carbon
6. The Arcserve UDP Role-based Access Control Administration Home page appears.
7. 
5. Click the User Store Management option available on the left pane.
6. The User Store Management page appears.
6. Click Add Secondary User Store.
7. 
8. The User Store Manager page appears.
7. Select the required User Store Manager Class option from the drop-down list and enter your domain name in the Domain Name field.
8. Enter the details in the fields as required under Define Properties For and Optional groups.
9. The screenshot below is an example of the User Store Manager page after entering the details.
10. 
9. Click Add.
10. The UDP User Management dialog appears.
10. Click OK.
11. The User Store Management page appears and displays the added secondary user store.
12. 
13. Note: If the secondary user store is not displayed, refresh the browser.
11. (Optional) Click the Users and Roles option from the left pane to view the list of users and roles.
12. Note: You need to define roles in the domain using AD.
12. Now, perform the following steps to add the UDP role permissions:
    1. Select an AD user or AD group.
    2. Assign a role from the available list of roles.
    3. Click View Role.
    4. The Role List of User page appears.
    5. 
    4. Click Permissions.
    5. The list of permissions appear.
    6. 
    5. Select the Permissions as required.

Now, the secondary user can log into the Arcserve UDP Console with the assigned permissions.