About Domain Security Groups
When you configure Historian to use domain security groups, the data archiver attempts to locate the groups on the primary domain controller (PDC) or one of the backup domain controllers (BDC). When using a PDC, if a primary or backup domain controller cannot be located when the Historian Data Archiver service starts, access to Historian is denied to all users.
For troubleshooting, .shw file of the data archiver lists all PDCs and BDCs available at the time of archiver startup. Use this list to verify that the Historian server has visibility into the appropriate domain.
When using a PDC, after the list of Domain Controllers has been established, the Historian Server will use that list to query for Security Group Membership on an as needed basis. If at any time a request for Group Membership information is made and the Primary Domain Controller is not available, Historian selects the first Backup Domain Controller and attempts the same request. If a Backup Domain Controller successfully responds to the request, the process of querying for Group Membership can stop. Otherwise, Historian will attempt to query Group Membership information from the next available Backup Domain Controller. If no Backup Domain Controller successfully responds, access to the system is denied.
Changing security group configuration from Local to Domain or vice versa requires that the Historian Data Archiver service be restarted for the change to take effect.