Configure an Active Directory Group

You can give external Active Directory (AD) groups (domain name\user group) access to Compliance Search.


  1. Configure the Lightweight Directory Access Protocol (LDAP) is on the Active Directory Domain server:
    1. From the Active Directory server, click Start > Run.
    2. Type ldp on the Run dialog box and click OK.
    3. Click the Connections menu option, and select Connect.
    4. From the Connect dialog box, enter the following information:
    5. Server: Type the name of the external domain server. For example, computer.domain.com.

      Port: Type 636 as the port number for the external domain server.

      SSL: Select this checkbox to check for the proper certificate.

    6. Click OK.

      If properly configured for LDAP, the external domain server details will be displayed in the LDP windowpane. If not configured for use with LDAP, an error message will appear indicating that a connection cannot be made using this feature.

  2. Define the Group Scope of the external user group for Compliance Search users as Global on the Active Directory Domain server.
    1. On the Active Directory server, click Start > Administrative Tools > Active Directory Users and Computers.
    2. Right-click the external group, and then select Properties.
    3. Under Group Scope, select Global.
    4. Click OK.
  3. Add the Active Directory Domain server as a domain controller in the CommCell Console. See Adding a Domain Controller for Active Directory.

    Notes: Network proxy configurations are not supported by Compliance Search.

  4. On the Web Server, restart Internet Information Services (IIS). The IIS service is named IIS Admin Service in the Windows Services list.
  5. Log in to the CommCell Console and expand Security > Domains > domain_name.
  6. Right-click External Groups, and then click Add New Group.
  7. In the Add new External Group dialog box, click Browse.

    The Select an external group dialog box is displayed.

  8. Select the external user group to which the Compliance Search users belong, and then click OK.

    The group name that you selected is displayed in the Select an External Group box.

  9. On the Associated Entities tab, click Add to create a security association with the following:
    • Entities: Select the Client entities that Compliance Search users should be able to search.
    • Role: Must include the Compliance Search permission.

      Note: You may also select from the following permissions to enable additional Compliance Search features:


      Added Functionality for Compliance Search Users

      Annotation Management

      Users can add comments to items in review sets.

      Compliance Search

      Users must have the Compliance Search permission to access the Compliance Search page.

      Legal Hold Management

      Users can create and manage Legal Holds from the Compliance Search page.

      Tag Management

      Users can create and manage tags and tag sets from the Compliance Search page.

    For instructions, see Administering the Security Associations of a User Group.

  10. Click OK to close the Add Association dialog box.
  11. Click OK to close the Add new External Group dialog box.

The configured users can access the Compliance Search page and login using their Active Directory credentials.

Ensure that all the relevant domains (of which emails will be content indexed) are registered in the CommCell before running a content indexing job to avoid the duplicate entries of the users in the refinements and also to avoid the Globally Unique Identifier (GUID) instead of email address in the Custodian refinement.

Related Topics

To enable Compliance Officers users to use the Case Manager feature in Compliance Search, see Configuring User Groups for Case Manager.

Last modified: 9/25/2018 7:38:43 PM