Active Directory overview
Active Directory is used to connect and authenticate users on the Integrity Modeler SQL Server instance. Using Active Directory Domain Name services, you can create and manage users and groups for SQL Server authentication.
In Integrity Modeler, users and groups are referred to as Logins on a server level, and Principals on a database level.
Logins allow AD users and groups to connect to SQL Server. Principals allow users and groups that are associated with a server login to connect to a specific database. You can assign permissions for AD users on a server, database, package, or a model level. For more information about Integrity Modeler access permissions, see Overview of Modeler access permissions.
* 
You must synchronize any changes that you make in Active Directory with SQL Server. For more information, see Synchronizing a database with Active Directory changes.
This chapter covers the following Active Directory administration tasks:
Creating a user.
Creating a group.
Adding or removing users from groups.
For more information about Active Directory, refer to the Microsoft help:
Active Directory Domain Services
* 
In Active Directory, embedding groups within other groups is referred to as nesting. Integrity Modeler does not support nested groups. If you are creating a server login for an AD group with nested groups, users in the nested groups will have to perform a Sync Self to synchronize their permissions. To grant access to users under nested groups, you must perform the following:
1. Create a server login for each nested group under the main group. See Creating Server logins for users and groups (Model Explorer).
2. Add the nested group as a database principal to each database where user permissions are derived from that group. See Adding principals to a database (Model Explorer).