Cannot pull AD group into EFT as administrators


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT, v7.0 and later

SYMPTOM

When trying to pull in a specific AD group as EFT administrators, EFT fails to recognize the group.

WORKAROUND

If an AD group's "Group Scope" is set to "Universal," EFT does not have visibility of the group to add into the EFT Administrators: https://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx

As a test, create a new AD site and specify the group. If the required users display properly, this confirms that the group is a Universal group. If it fails to pull in these users, the EFT service may not have proper permission to read the contents of the group.

To be able to add an AD group to the EFT administrators permission group

  1. In Administrative Tools, click Computer Management.
  2. Create a local Windows group (e.g., "MFT Admins").
  3. Specify that this local group to contain the needed Universal Group.
  4. You should then be able to add the local group (e.g., "MFT Admins") to the EFT Administrators permission group.