3.1.Active directory - Security group
- Acts as the gate keeper, by maintaining a list of Active Directory users who can access a SCCMTSPSI Realm instance.
- Provides read access into the configuration directory for a Realm.
Create the below Active Directory global security group.
sccmtspsi-users-XXX [Where XXX is the Realm name]
The security group members tab will look similar to the below image. Where “Build Engineer 1” , “Build Engineer 2” and “Build Engineer 3” are normal sccmtspsi operators and “sccmtspsi-broker-r01” is the broker account [discussed in the next section].
- The Realm security group can be a nested group. But for performance purposes, we recommend using a flat membership structure.
- Do not add any foreign security principals as a member of this group.