Mapping an Active Directory group to a device role

In the following example, a user with the admin role inherits all privileges associated with the Active Directory (AD) Administrator group.

  1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.
    device# configure terminal
    Entering configuration mode terminal
  2. Use the ldap-server maprole command to set the group information.

    A maximum of 16 AD groups can be mapped to the device roles.

    device(config)# ldap-server maprole group Administrator role admin
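A pre-deployment check for a larger mapping plan, as an added example (not the vendor's code): it renders the ldap-server maprole lines shown above, enforces the 16-group limit, and lists which AD groups end up with the admin role so that membership can be reviewed. The name character set, the caller-supplied role list, and the NetOps group and netops-ro role are assumptions made for illustration.

```python
import re

MAX_MAPPED_GROUPS = 16  # limit stated in step 2 of this page

# Assumption: accept only a conservative character set, so a group name taken
# from a directory export cannot add extra tokens to the rendered CLI line.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")


def render_maprole(mappings, known_roles):
    """Return the CLI lines for an {AD group: device role} plan.

    Raises ValueError if the plan exceeds the group limit, repeats a group
    under a different letter case, uses an unsafe group name, or names a
    role that is not in known_roles.
    """
    if len(mappings) > MAX_MAPPED_GROUPS:
        raise ValueError(f"{len(mappings)} groups exceeds limit of {MAX_MAPPED_GROUPS}")
    seen = set()
    lines = ["configure terminal"]
    for group, role in sorted(mappings.items()):
        if not SAFE_NAME.fullmatch(group):
            raise ValueError(f"unsafe group name: {group!r}")
        if group.lower() in seen:  # AD group names are case-insensitive
            raise ValueError(f"group listed twice: {group!r}")
        seen.add(group.lower())
        if role not in known_roles:
            raise ValueError(f"unknown role {role!r} for group {group!r}")
        lines.append(f"ldap-server maprole group {group} role {role}")
    return lines


def privileged_groups(mappings, privileged_roles=("admin",)):
    """AD groups whose members would receive a privileged device role."""
    return sorted(g for g, r in mappings.items() if r in privileged_roles)


# Constructed sample plan; only Administrator -> admin comes from this page.
ROLES = {"admin", "netops-ro"}
PLAN = {"Administrator": "admin", "NetOps": "netops-ro"}

if __name__ == "__main__":
    print("\n".join(render_maprole(PLAN, ROLES)))
    print("review membership of:", privileged_groups(PLAN))
```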