Chat now with support
Chat with Support

Metalogix ControlPoint 8.2 - User Guide

Preface Getting Started with ControlPoint Using Discovery to Collect Information for the ControlPoint Database Cache Searching for SharePoint Sites Managing SharePoint Objects
Accessing SharePoint Pages Viewing Properties of an Object within the SharePoint Hierarchy Creating Dashboards for Monitoring Statistics within Your SharePoint Farm Setting Object Properties Managing Site Collection and Site Features Managing Audit Settings Creating and Managing SharePoint Alerts Setting ControlPoint Alerts Managing Metadata Copying and Moving SharePoint Objects (Version 8.0 and Earlier) Moving a Site Collection to Another Content Database Deleting Sites Deleting Lists Archiving Audit Log Data Before Moving or Deleting a Site Collection Duplicating a Workflow Definition from one List or Site to Others Removing a Workflow from One or More Lists (or Sites)
Using ControlPoint Policies to Control Your SharePoint Environment Managing SharePoint User Permissions Data Analysis and Reporting
Specifying Parameters for Your Analysis Analysis Results Display Generating a SharePoint Summary Report Analyzing Activity Analyzing Object Properties Analyzing Storage Analyzing Content Generating a SharePoint Hierarchy Report Analyzing Trends Auditing Activities and Changes in Your SharePoint Environment Analyzing SharePoint Alerts Analyzing ControlPoint Policies Analyzing Users and Permissions The ControlPoint Task Audit Viewing Logged Errors
Scheduling a ControlPoint Operation Saving, Modifying and Executing Instructions for a ControlPoint Operation Using the ControlPoint Governance Policy Manager (SharePoint 2010 and Later) Using Sensitive Content Manager to Analyze SharePoint Content for Compliance Using ControlPoint Sentinel to Detect Anomalous Activity Default Menu Options for ControlPoint Users About Us

Accessing Members of Active Directory Groups in Different Domains or Forests

If you want to be able to view members of Active Directory groups in another domain or forest when analyzing users and permissions, one of the following trust relationships must exist:

·a two-way trust (that is, users from both domains or forests can access each other's resources without additional authentication)

OR

·a one-way outgoing trust relationship (that is, resources in the domain in which ControlPoint is installed are accessible to users in the user domain or forest.  In this case, ControlPoint needs to be configured to access certain resources—such as Active Directory group members— in the other forest).

The Manage Forest Access feature lets you specify the account credentials that ControlPoint will use for authentication whenever it needs to retrieve Active Directory group members in a forest with which it has a one-way outgoing trust relationship. The account ControlPoint uses for authentication must have a minimum of Read access to the other forest.  As an added security measure, ControlPoint encrypts these credentials using the Advanced Encryption Standard (AES) algorithm before they are stored.

Note that, if your environment uses a one-way trust relationship and you do not configure ControlPoint to manage forest access:

·ControlPoint will still be able to report on permissions granted to users and groups in other domains, but you will not be able to expand Active Directory groups and view membership in those domains.  

AND

·If an Active Directory group is placed into the Business Administrators group, members of that Active Directory group will not be recognized as Business Administrators.

To access the Manage Forest Access feature:

·If the menu item has been added to ControlPoint and you have permissions for it, from the Manage ControlPoint panel, choose Manage Forest Access

OR

·Replace the xcMain.aspx portion of the ControlPoint url with xcForestAccess.aspx.

Manage Forest Access NEW

To manage access to domains and forests with one-way outgoing trusts:

Use the information in the following table to determine the appropriate action to take.

If you want to ...

Then ...

add a forest to the list

§Click the Add new Record link.

§For Forest Root Domain, enter the fully qualified domain name.

§Enter the Domain\Account you want ControlPoint to use for authentication, and the account Password.

Manage Forest Access ADD MENU ITEM

§Click the Update link.

update account credentials for a forest in the list

·Click the Edit link for the applicable record.

·Update the appropriate field(s).

CAUTION:  The Password field will always be cleared when you open a record for editing and must be re-entered before a record can be updated, regardless of whether it has changed.

·Click the Update link.

delete a forest from the list

Click the Delete link for the applicable record.

(A confirmation dialog will display asking you if you want continue with the delete action.)

 

Related Documents