¶ Config
Navigate to Datacenter → Add → Active Directory Server
Fill out the fields accordingly:
I used the following config on the Sync Options tab
- Bind User: CN=service.ldap,CN=Users,DC=ad,DC=example,DC=com
- User Filter: (|(memberOf=CN=PVE_Admin,OU=Groups,DC=ad,DC=example,DC=com)(memberOf=CN=PVE_User,OU=Groups,DC=ad,DC=example,DC=com))
- Group Filter: (|(CN=PVE_Admin)(CN=PVE_User))
Additionally, also on the Realms page, setup a Realm Sync Job to periodically sync PVE with AD.
¶ Testing
Back on the Realms page, select Sync → Preview to do a dry run of the sync process. You should see users sync in that are part of the groups you defined as well as those same defined groups.
If the dry run is correct, run the actual sync.
¶ Permissions
Now that groups and users have been synced into PVE, navigate to Datacenter → Permissions.
Select Add → Group Permissions to configure whatever privilege level you want for each synced group.