The format for logging into the console with an Active Directory account name depends upon whether the account name is in the same domain as the Carbon Black App Control Server:

  • AD accounts in a different domain must use a fully qualified version of their name (i.e., in the format NTDOMAIN\Username or Username@dnsDomain).
  • AD accounts in the same domain as the Carbon Black App Control Server can log in either with a fully qualified username or their username only (provided the username is not the same as a login account created directly using the console.

There are several differences in the details for an AD-based account and an account created in the console:

  • When a user with an AD-based account logs in to the console, the username on the Login Accounts page and the User Details page includes both the user and the domain name, in the form user@dnsDomain.

    The Users tab on the Login Accounts page showing the list of users

  • When you click on the View Details button to open the User Details page, the box at the top of the details panel is labeled “External Account” for AD users.
  • There is no Save button on the Login Account Details page for AD users because their account details can’t be edited in the console.