Chat now with support
Chat mit Support

Active Administrator 8.7 - User Guide

Active Administrator Overview User Provisioning Certificates Security & Delegation  Active Directory Health
Switching to Active Directory Health Using the Active Directory Health landing page Installing Active Directory Health Analyzer agents Using the Active Directory Health Analyzer agent configuration utility Excluding domain controllers Managing the Remediation Library Analyzing Active Directory health Analyzing Azure Active Directory Managing Active Directory Health Analyzer alerts Managing alert notifications Pushing alerts to System Center Operations Manager and SNMP managers Managing monitored domain controllers Managing data collectors Active Directory Health Templates Managing Active Directory Health Analyzer agents Using the Troubleshooter Recovering Active Directory Health data
Auditing & Alerting Group Policy Active Directory Recovery Active Directory Infrastructure DC Management DNS Management Configuration
Using the Configuration landing page Managing tasks Defining role-based access Setting email server options Configuring SCOM and SNMP Settings Setting notification options Setting Active Template options Setting agent installation options Setting recovery options Setting GPO history options Setting certificate configuration Setting service monitoring policy Managing archive databases Migrating data to another database Setting a preferred domain controller Setting up workstation logon auditing Managing configuration settings Setting user options Managing the Active Directory server
Diagnostic Console Alerts Appendix
Domain controller alerts
Active Directory Certificate Services service is not running Active Directory Domain Services is not running Active Directory Web Services service is not running Consecutive replication failures DC cache hits DC DIT disk space DC DIT log file disk space DC LDAP load DC LDAP response too slow DC Memory Usage DC properties dropped DC RID pool low DC SMB connections DC SYSVOL disk space DC time sync lost Detected NO_CLIENT_SITE record DFS Replication service not running DFS service is not running DFSR conflict area disk space DFSR conflict files generated DFSR RDC not enabled DFSR sharing violation DFSR staged file age DFSR staging area disk space DFSR USN records accepted DFSRS CPU load DFSRS unresponsive DFSRS virtual memory DFSRS working set DNS Client Service is not running Domain controller CPU load Domain controller page faults Domain controller unresponsive File Replication Service is not running File replication (NTFRS) staging space free in kilobytes GC response too slow Group policy object inconsistent Hard disk drive Intersite Messaging Service is not running Invalid primary DNS domain controller address Invalid secondary DNS domain controller address KDC service is not running LSASS CPU load LSASS virtual memory LSASS working set Missing SRV DNS record for either the primary or secondary DNS server NETLOGON not shared NetLogon service is not running Orphaned group policy objects exist Physical memory Power supply Primary DNS resolver is not responding Secondary DNS resolver is not responding Security Accounts Manager Service is not running SRV record is not registered in DNS SYSVOL not shared W32Time service is not running Workstation Service is not running
Domain alerts Site alerts Forest alerts Azure Active Directory Connect alerts
Event Definitions PowerShell cmdlets

Provisioning Users

Previous Next



Provisioning Users

Provisioning involves creating user accounts, giving permissions, and changing accounts or privileges as necessary.

To provision users:
1
Click Provisioning | Provision Users.
2
Click Provision Users to configure your provisioning settings.

You can use the default template provided by Active Administrator that contains basic user account attributes or select a previously created custom template

If there is an issue with the template file you will be prompted to either load the default file or edit the template and try again. See Editing the Provisioning Template for file details.

4
On the Import data screen, browse to the .csv file that contains the user account data, select whether the source user data is separated by a comma, colon, semi-colon, pipe, or tab, and enter the number of header rows to be removed from the file.

The imported data will display in the preview pane. If the format meets your requirement, click Next to select the provisioning option. If not, edit the template or the csv file, re-import the csv file and review the data again.

5
On the Select options page, define how you want to provision users, then click Next to commit the changes.
6
On the Provision users screen, preview the changes that will be made to the Active Directory once the updates are committed. Select Stop Preview to stop loading user data once you are satisfied with the settings.
7
Select Back to edit the user provisioning settings if required or click Commit to apply the updates in Active Directory.

Once you commit the changes, the Active Directory Users container is searched to locate the specified SAMAccountName attribute specified in the template. If an associated user is not found, a new user is created; if the user is found, it is updated with the attributes in the imported csv file.

Editing the Provisioning Template

Previous Next


User Provisioning > Using the Provisioning landing page > Editing the Provisioning Template

Editing the Provisioning Template

The provisioning template contains the user attributes that you want to manipulate. A default template is installed with Active Administrator that contains the following user attributes: Login Name, Display name, First name, Last name, and Initial password. However, if required, you can create a copy of this file and update as required to meet your specific needs.

To edit the template
1
Locate the UserProvisioningTemplate.json file found under MyDocuments\Quest Active Administrator\Provisioning\Templates.

By default, the file contain fields for:

Each property will consist of:

3
Re-import the csv file, and click Refresh Template to review the data again. Once you are satisfied with the preview, commit the updates.

Example template file structure

{

"name": "User provisioning template",

"description": "The template for provisioning users.",

"properties": [

{

"name": "saMAccountName",

"displayName": "Login Name",

"inclusion": "mandatory"

},

{

"id": "cn",

"displayName": "Common Name",

"adPropertyName": "cn"

"inclusion": "mandatory"

},

{

"name": "displayName",

"displayName": "Display Name",

"inclusion": "mandatory"

},

{

"name": "givenName",

"displayName": "First Name",

"inclusion": "optional"

},

{

"name": "sn",

"displayName": "Last Name",

"inclusion": "optional"

},

{

"name": "initialPassword",

"displayName": "Initial Password",

"inclusion": "optional"

}

]

}

Deprovisioning Users

Previous Next



Deprovisioning Users

Deprovisioning users removes privileges or access from an account or deletes an account that is no longer required as a result of employee leaving a company or changing responsibilities within the organization. The ability to automate this process helps to quickly ensure these accounts are not left exposed to attacks and potentially inappropriate data access.

To deprovision a user account:
1
Click Provisioning | Deprovision Users.
2
Click Deprovision Users to configure your provisioning settings.

Search through Active Directory or type a specific user and add and remove as required.

Import a list of users from a .csv file. Browse to the .csv file that contains the user account data, select whether the source user data is separated by a comma, colon, semi-colon, pipe, or tab, enter the number of header rows to be removed from the file, and identify which column contains the required SAM account.

Use the list of users that have been deemed inactive through the settings that have been configured through Active Administrator. See Managing inactive accounts.

4
Once you have selected the users, choose whether you want to Disable accounts or Delete accounts, and click Next.
5
On the Deprovision users screen, preview the changes that will be made to the Active Directory once the updates are committed. Select Stop Preview to stop loading user data once you are satisfied with the settings.
6
Select Back to edit the user deprovisioning settings if required or click Commit to apply the updates in Active Directory.

Viewing the provisioning and deprovisioning logs

Previous Next


User Provisioning > Using the Provisioning landing page > Viewing the provisioning and deprovisioning logs

Viewing the provisioning and deprovisioning logs

When you begin the provisioning or deprovisioning process, a log file that tracks your provisioning actions is created, stored on the server until purged, and available to view in the client for troubleshooting purposes. For ease of management, the name of each log file is prefaced with the type of action (provisioning or deprovisioning), a date and time stamp, and a unique ID.

Once the existing log file reaches the maximum size of 16MB, a new log file is created.

To view the stored log entries
1
Click Provisioning | View logs.
2
Expand Provisioning or Deprovisioning to view the associated logs.

 

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen