Active Directory Manager

 

 

 

The Active Directory Manager module allows administrative users to add, edit, and remove Active Directory groups and users for various dashboards.

 


This module functions outside the realm of the normal permissions hierarchy.  It can be viewed by any user with membership in Site Administrators, Security Administrators, or Dashboard Management site-level roles with no regard to permissions assigned to the tab on which the module is placed.  For more information on the roles referenced in this section please see the role based security topic.  Administrative users can configure additional module settings by clicking the  button.


 

All administrative users have the ability to create, edit, delete, and manage Active Directory groups on domains and organizational units accessible from their available dashboards.

 

Changing Dashboards

 

To change to a different dashboard and view the users and groups associated with it, choose another option from the drop down menu of available dashboards at the top of the module.  If only one dashboard is present or no drop down menu exists, the account accessing this page does not have permission to use other dashboards. To change this, contact your Site Administrator to have them change your role.

 

Refreshing Active Directory Data

 

To verify changes have been saved or to view changes made by other users, click the  button next to the dashboard drop down menu.

 

Active Directory User Attributes

 

SAM Account: The Security Account Manager account name used for Windows authentication.

UPN: The User Principal Name of the user.  A UPN looks like an email address and for many users their UPN and email are often the same.

User Name: The display name of the user account.

Enabled: If the user has a Site or Security Administrator role, they'll be able to toggle whether or not the user account is enabled or disabled.

Expiration:  The account expiration date for the user. When this field is set, that user account will be disabled upon the date set.  If not set, the account is enabled indefinitely.

Protected: This option is only visible to users with Site or Security Administrator roles.  If this box is ticked, only Site or Security administrators will be able to add or remove that user from groups.

Active Directory Group(s):  These are the Active Directory groups available on the given domain and organizational units from the currently selected dashboard.  If the group has not been marked as protected, ticking the checkbox will add or remove that user from the group.

Active Directory User Actions

Add User (): This brings up a dialog for entering new user information. A randomized password will be generated and given to the user to change.

Delete User (): This will prompt the user for confirmation, at which point the user will be deleted.

Creating New Users

Clicking the Add User () button will bring up a dialog with the following fields for creating users:

First Name: The first name of the user.

Last Name: The last name of the user.

Email Address: The email address of the user.  The email suffix must be a domain registered with the active directory system.

SAM Account Name: The SAM account name of the user.  If the name is taken, the user should be prompted to specify a different name.

Description: A short description of the user.

If any groups were set to be auto-enrolled in, the user should be automatically enrolled in those groups.  Otherwise, they should be added to the default group for that dashboard "All <dashboard code> Users".

Active Directory Group Attributes

Name: The display name of the Active Directory group.

Description: A brief description of the group.

Protected: This option is only visible to users with Site or Security Administrator roles.  If this box is ticked, only Site or Security administrators will be able to add or remove users to that group, as well as edit or delete that group.

Auto Enroll: If this option is ticked, new users created through this module will be automatically added to this group.

Active Directory Group Actions

Add Group (): This brings up a dialog for entering new group information. A randomized password will be generated and given to the user to change.

Edit Group (): This brings up a dialog for editing group information.

Delete Group (): This will prompt the user for confirmation, at which point the group will be deleted.

Creating New Groups

Clicking the Add Group () button will bring up a dialog with the following fields for creating groups:

Group Name: The name of the group.

Description: A short description of the group.

If the Edit Group () button is clicked, the same dialog will show up.  However, changing the group name can have the potential to break logins using active directory, so a confirmation dialog will appear if you attempt to save those edits.

 


Copyright © 2024 pasUNITY, Inc.

 

Send comments on this topic.