What is the difference between AccessLevel 'Admin' and 'Cache' in NCache?

The 'Admin' level grants full control over the NCache cluster, including node management and configuration changes. The 'Cache' level restricts the user to data operations and management of a specifically assigned cache, following the security principle of least privilege.

Do I need to enable NCache security manually after adding a user or group?

If you include the '-EnableSecurity Yes' parameter, NCache will automatically activate the security configuration upon successful addition. Otherwise, security remains disabled until you explicitly enable it.

What is the required format for the UserOrGroupDN parameter?

You must provide the full LDAP Distinguished Name (DN). Example for a user: 'CN=John Smith,OU=engineers,DC=company,DC=com'. Example for a group: 'CN=Dev,OU=engineers,DC=company,DC=com'.

Why are current AdminCredentials required to add a new user?

This is a standard privilege escalation protection. You must authenticate as an authorized NCache administrator to modify the security configuration, ensuring that only trusted personnel can grant access rights to other users.

Add-NCacheUserOrGroup

This PowerShell cmdlet is used to add a user or group to the NCache security configuration. This configuration can be applied at the NCache server (node) level or to a specific cache. The cmdlet supports role-based access control by allowing users or groups to be assigned either Admin access for full cluster management or Cache-level permissions for cache-specific operations. The cmdlet requires parameters such as the server, access level, user or group name, full Distinguished Name (DN), domain controller, and administrative credentials. It validates the provided identity information against the domain controller, applies the necessary security metadata, and adds the user or group to the configuration. Optionally, security can be enabled automatically after successful execution, making this cmdlet essential for secure production deployments.

Windows PowerShell
Linux CLI

Add-NCacheUserOrGroup -AccessLevel -CacheName -Server -UserOrGroupName -UserOrGroupDN -DomainController [-DomainControllerPort] [-SecondaryDomainController] [-SecondaryDomainControllerPort] [-EnableSecurity] -AdminCredentials [NoLogo]

Examples

This command adds the user John Smith as an NCache admin on the server with the IP address 20.200.20.11 using security credentials.

Add-NCacheUserOrGroup -Server 20.200.20.11 -AccessLevel Admin -AdminCredentials(Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController test_domain

This command adds the user John Smith as a cache user for the 'demoCache' cache hosted on the server with the IP address 20.200.20.11. Upon successful addition of the user, NCache security is also enabled on the server.

Add-NCacheUserOrGroup -Server 20.200.20.11 -AccessLevel Cache -CacheName demoCache -AdminCredentials(Get-Credential john_smith) -UserOrGroupName john_smith -UserOrGroupDN "CN=John Smith,OU=engineers,DC=example,DC=com" -DomainController test_domain -EnableSecurity Yes

This command adds a group named 'Dev' as an NCache admin group on the server with IP address 20.200.20.11. Upon successful addition of the group, NCache security is also enabled on the server.

Add-NCacheUserOrGroup -Server 20.200.20.11 -AccessLevel Admin -AdminCredentials(Get-Credential john_smith) -UserOrGroupName dev -UserOrGroupDN "CN=Dev,OU=engineers,DC=example,DC=com" -DomainController test_domain -EnableSecurity Yes

Properties

Note

The parameters with asterisk (*) on their names are the required parameters and the rest are optional.

Parameters	Data Types	Description	Default Value
`-AccessLevel*`	`<String>`	Specifies the access level of the user or group being added. If you are adding a cache user, then valid value is "Cache" and for an NCache admin, the value will be "Admin".	-
`-CacheName*`	`<String>`	Specifies the name of the cache for which the user or group is being added. This parameter is required when the access level is set to "Cache". Note: The cache must already exist on the source server.	-
`-Server*`	`<String>`	Specifies a server name where the NCache Service is running and a cache with the specified cache-name is registered.	-
`-AdminCredentials*`	`<pscredential>`	Specifies the credentials of an LDAP user with administrative rights on the given server. These credentials are used for authentication and authorization to perform the addition.	-
`-UserOrGroupName*`	`<String>`	Specifies the name of the user or group being added.	-
`-UserOrGroupDN*`	`<String>`	Specifies the Distinguished Name (DN) of the user or group being added. This DN uniquely identifies the user or group in the LDAP directory. You can specify it like this, i.e., -UserOrGroupDN "CN=Dev,OU=engineers,DC=example,DC=com"	-
`-DomainController*`	`<String>`	Specifies the IP address or name of the server at which the domain controller is hosted.	-
`-DomainControllerPort`	`<String>`	Specifies the port at which the domain controller is listening.	389
`-SecondaryDomainController`	`<String>`	Specifies the IP address or name of the server on which the secondary domain controller is hosted.	-
`-SecondaryDomainControllerPort`	`<Integer>`	Specifies the port at which the secondary domain controller is listening.	389
`-EnableSecurity`	`<String>`	Specifies whether to enable security after successfully adding the user or group. Valid values are "Yes" or "No".	False
`-NoLogo`	`<SwitchParameter>`	Suppresses display of the logo banner.	False

add-ncacheuserorgroup -accesslevel -cachename -server -userorgroupname -userorgroupdn -domaincontroller [-domaincontrollerport] [-secondarydomaincontroller] [-secondarydomaincontrollerport] [-enablesecurity] -adminuserid -adminpassword [nologo]

Examples

This command adds the user John Smith as an NCache admin on the server with the IP address 20.200.20.11 using security credentials.

add-ncacheuserorgroup -server 20.200.20.11 -accesslevel Admin -adminuserid john_smith -adminpassword pass123 -userorgroupname john_smith -userorgroupdn "CN=John Smith,OU=engineers,DC=example,DC=com" -domaincontroller test_domain

This command adds the user John Smith as a cache user for the 'demoCache' cache hosted on the server with the IP address 20.200.20.11. Upon successful addition of the user, NCache security is also enabled on the server.

add-ncacheuserorgroup -cachename demoCache -server 20.200.20.11 -accesslevel Cache -adminuserid john_smith -adminpassword pass123 -userorgroupname john_smith -userorgroupdn "CN=John Smith,OU=engineers,DC=example,DC=com" -domaincontroller test_domain -enablesecurity Yes

This command adds a group named 'Dev' as an NCache admin group on the server with IP address 20.200.20.11. Upon successful addition of the group, NCache security is also enabled on the server.

add-ncacheuserorgroup -server 20.200.20.11 -accesslevel Admin -adminuserid john_smith -adminpassword pass123 -userorgroupname dev -userorgroupdn "CN=Dev,OU=engineers,DC=example,DC=com" -domaincontroller test_domain -enablesecurity Yes

Properties

Note

The parameters with asterisk (*) on their names are the required parameters and the rest are optional.

Parameters	Data Types	Description	Default Value
`-accesslevel*`	`<String>`	Specifies the access level of the user or group being added. If you are adding a cache user, then valid value is "Cache" and for an NCache admin, the value will be "Admin".	-
`-cachename*`	`<String>`	Specifies the name of the cache for which the user or group is being added. This parameter is required when the access level is set to "Cache".	-
`-server*`	`<String>`	Specifies a server name where the NCache Service is running and a cache with the specified cache-name is registered.	-
`-adminuserid*`	`<String>`	Specifies the user-id of a user with administrative rights on the client node. This is required only if security is enabled on the client node. If security is disabled, this parameter is ignored.	-
`-adminpassword*`	`<String>`	Specifies the password of a user with administrative rights on the client node. This is required only if security is enabled on the client node. If security is disabled, this parameter is ignored.	-
`-userorgroupname*`	`<String>`	Specifies the name of the user or group being added.	-
`-userorgroupdn*`	`<String>`	Specifies the Distinguished Name (DN) of the user or group being added. This DN uniquely identifies the user or group in the LDAP directory. You can specify it like this, i.e., -UserOrGroupDN "CN=Dev,OU=engineers,DC=example,DC=com"	-
`-domaincontroller*`	`<String>`	Specifies the IP address or name of the server at which the domain controller is hosted.	-
`-domaincontrollerport`	`<Integer>`	Specifies the port at which the domain controller is listening.	389
`-secondarydomaincontroller`	`<Integer>`	Specifies the IP address or name of the server on which the secondary domain controller is hosted.	-
`-secondarydomaincontrollerport`	`<Integer>`	Specifies the port at which the secondary domain controller is listening.	389
`-enablesecurity`	`<String>`	Specifies whether to enable security after successfully adding the user or group. Valid values are "Yes" or "No".	False
`-nologo`	`<SwitchParameter>`	Suppresses display of the logo banner.	False

Add-NCacheUserOrGroup

Examples

Properties

Note

Contact Us