NetBackup™ Security and Encryption Guide

Adding AD or LDAP domains in NetBackup

NetBackup supports Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) domain users.

If an AD domain or an LDAP domain is added in NetBackup, the respective domain users can log on to a NetBackup primary server, and the Security Administrator can assign role-based access control (RBAC) roles to these domain users.

See RBAC features.

The following procedure describes how to add an existing AD or LDAP domain in NetBackup and authenticate the domain users to access NetBackup.

To add an AD domain or an LDAP domain in NetBackup

  1. Run the following command to add an AD domain or an LDAP domain in the NetBackup primary server:
    vssat addldapdomain -d DomainName -s server_URL 
    -u user_base_DN -g group_base_DN [-f trusted_CA_file_name] [-t rfc2307 | msad | 
    {-c user_object_class -a user_attribute -q user_GID_attribute 
    -un user_display_name_attribute -ui user_ID_attribute[:value_type] 
    -ud user_description_attribute -x group_object_class -y group_attribute 
    -z group_GID_attribute -gn group_display_name_attribute 
    -gi group_ID_attribute[:value_type] -gd group_description_attribute 
    [-k DN | UID]]} [-b FLAT | BOB] -m admin_user_DN [-w admin_user_password] 
    [-p SUB | ONE | BASE] [-F]

    Note:

    Ensure that the user name that is specified in the -m option has the required rights to query the AD or the LDAP server.

    In case of LDAPS, if the Authentication Service (nbatd) does not trust the certificate authority (CA) that has signed the server's certificate, use the -f option to add the CA certificate in the nbatd trust store.

    See Certificate authorities trusted by the NetBackup Authentication Service.

    For more information about the vssat command, see the NetBackup Commands Reference Guide.

    Contact your AD administrator for the correct values for these command-line options. The values may vary based on how your AD is set up.

    An example to add an AD domain:

    vssat addldapdomain -d domain1 -s ldap://domain1.veritas.com -u 
    "CN=Users,DC=domain1,DC=veritas,DC=com" -g "CN=Users,DC=domain1,DC=veritas,DC=com" -t msad -m 
    "CN=user1,CN=Users,DC=domain1,DC=veritas,DC=com" -b BOB
  2. Run the vssat validateprpl command on the primary server to verify that the specified AD or LDAP domain was added successfully.

    vssat validateprpl -p username -d ldap:domain_name -b localhost:1556:nbatd

    An example to validate an AD or LDAP domain:

    vssat validateprpl -p user1 -d ldap:domain1 -b localhost:1556:nbatd

    The domain name must match the one that is used in the addldapdomain command option.

    For more information about the vssat command, see the NetBackup Commands Reference Guide.

    If the AD or LDAP domain is added and the vssat validateprpl or vssat validategroup command fails, you need to carry out certain troubleshooting steps to resolve the issue.

    See Troubleshooting AD or LDAP domain configuration issues.
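
The following pre-flight helper is an added example, not part of the NetBackup documentation or product. It builds the step 1 and step 2 commands for an AD domain only when the server URL is ldaps:// and the file passed to -f is a readable PEM certificate. The function names and sample values are hypothetical, and it assumes that vssat prompts for the admin password when -w is omitted.

```shell
#!/bin/sh
# Added example: pre-flight checks before "vssat addldapdomain" over LDAPS.
# Function names are hypothetical; callers supply their own domain values.

# Return 0 only for an ldaps:// URL, so the bind DN and password of the
# -m account are not sent to the directory server in cleartext.
is_ldaps_url() {
    case "$1" in
        ldaps://?*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Return 0 if the file is readable and holds at least one PEM certificate.
is_pem_ca_file() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Return 0 if the server's LDAPS certificate chains to the CA file.
# Args: host:port ca_file   (needs network access and the openssl CLI)
verify_ldaps_chain() {
    openssl s_client -connect "$1" -CAfile "$2" -verify_return_error </dev/null >/dev/null 2>&1
}

# Print the vssat command for an AD (msad) domain, or fail with a reason.
# Args: domain server_url user_base_dn group_base_dn admin_dn ca_file
# -w is left out on purpose (assumption: vssat then prompts for the
# password), which keeps it out of shell history and the process list.
build_add_domain_cmd() {
    if ! is_ldaps_url "$2"; then
        echo "refusing non-LDAPS server URL: $2" >&2; return 2
    fi
    if ! is_pem_ca_file "$6"; then
        echo "CA file missing or not PEM: $6" >&2; return 3
    fi
    printf 'vssat addldapdomain -d %s -s %s -u "%s" -g "%s" -f %s -t msad -m "%s" -b BOB\n' \
        "$1" "$2" "$3" "$4" "$6" "$5"
}

# Print the matching validation command from step 2 of the procedure.
# Args: username domain
build_validate_cmd() {
    printf 'vssat validateprpl -p %s -d ldap:%s -b localhost:1556:nbatd\n' "$1" "$2"
}
```

Run verify_ldaps_chain against the directory server before step 1 to confirm that the CA file you intend to pass with -f actually validates the server certificate.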
