Demote Active Directory Domain Groups to Vault Server Groups

A Vault Server group that was imported from an Active Directory domain or promoted to an Active Directory domain can be demoted, creating a Vault Server-only group. Once demoted, the group is unique to the Vault Server and no longer associated with the domain group.

    Note: You must be assigned the role of Administrator to perform this operation.
  1. In the ADMS Console, select Tools  Administration Global Settings.
  2. In the Global Settings dialog, select the Security tab.
  3. Click Groups.
  4. In the Group Management dialog, select an Active Directory group and then select Actions  Demote Domain Group. When the group is demoted, the domain name is removed from the group name. As a result, the demoted group may collide with an existing vault server group with the same name. If the vault server group name already exists, you are prompted to rename the demoted group.
  5. Click OK.

The vault server group retains the vault server group membership and permissions but is no longer associated with the Active Directory group.