# Configure groups for Active Directory

As part of Active Directory configuration, you will need to configure groups.

Contrast doesn't perform Data Access Control using the integrated AD servers. In other words, roles and access to data within the application are handled by the application and Organization Administrators set user roles. However, there is an Access Control check when logging in or creating new users to ensure that the provided user belongs to the correct group in Active Directory (AD).

## Steps

1. Use the groups that you created on your external AD server to assign users to one of the following Contrast groups.

Users in this group are authenticated and authorized the first time they log in to Contrast.

• User group: This group allows users to be added to an organization and log in to the Contrast web interface. This group is appropriate for all other users.

UPDATE teamserver_preferences SET property_value='true' WHERE property_name='directory.skip.user_existence.validation'