We just set up a v8 DB2 Workgroup server 8.3 Windows. We want to give an active directory group (CAT) system admin in db2 with no log on rights to the box.

we have an active directory group called "CAT". CAT's members are
bob1
bob2
install_GROUP

install_GROUP is another active directory group that is in the administrators group. this contains the installation id's. this group contains:
me_tech
db2_service

the DAS and DB2 instance run with db2_service as the "log on as". Our SQL people pointed us in that direction...to use active directory, you can't run your processes with a local account.

i ran :
db2 set dbm cfg sysadm_group CAT
db2start
db2stop

logged on as me_tech which is a local administrator (in group install_group) which is a group in CAT which is the sysadm_group.

I cannot connect to the tables in the database (no authority).

If I add me_tech to the CAT group, everything works fine.

I take it that DB2 doesn't work with active directory within active directory?

(in my case, I can't add my install_group to the CAT group?)

Can you have more than one group in SYSADM_GROUP??

I don't think DB2 supports nested groups on Windows