Active Directory Groups as member of Octopus Team

We’re evaluating Octopus Deploy and I’ve run into an issue trying to grant Roles to a particular Active Directory group here. We have Octopus Deploy 2.5.8.447 currently installed.

I created a Team named Developers and added our AD group for our Developers to that Team and then assigned a number of roles to that Team, however when someone from that team logs in to Octopus Deploy, they have a very limited view (I assume because of their membership in Everyone).

In looking at the Octopus Deploy logs, I see a number of these entries:

While trying to retrieve the authorization groups, an error (5) occurred. Error 2014-10-03 10:24:19

And in the Detailed Server Logs, it reads:

While trying to retrieve the authorization groups, an error (5) occurred. Error 2014-10-03 10:24:19
System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to retrieve the authorization groups, an
error (5) occurred.
at System.DirectoryServices.AccountManagement.AuthZSet…ctor(Byte[] userSid, NetCred credentials, ContextOptions >contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase)
at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
at Octopus.Server.Web.Infrastructure.Authentication.ActiveDirectoryMembership.GetMemberExternalSecurityGroupIds(String >username) in y:\work\refs\heads\master\source\Octopus.Server\Web\Infrastructure\Authentication\ActiveDirectoryMembership.cs:line >100

Hi Brian,

Thanks for getting in touch! Very sorry about the delay in getting back to you. We recovered your message from a spam filter that we weren’t aware was being so aggressive.
You will need to make an account in your AD for Octopus to run under, and you will also need to follow the directions on the following MS article: http://support2.microsoft.com/kb/331951
As you are aware AD setups can be complicated and very individual, but this error is showing us that the account that the Octopus server runs under needs to have permissions to query group membership.

Hope that helps!
Vanessa