サポートと今すぐチャット
サポートとのチャット

Active Roles 8.1.5 - Console User Guide

Introduction Getting started User or service account management Group management Computer account management Organizational Unit management Contact management Exchange recipient management

Resetting a user password

You can reset the password of a Active Directory user account with the Active Roles Console.

To reset a user password

  1. In the Console tree, locate and select the folder that contains the user account whose password you want to reset.

  2. In the details pane, right-click the user account whose password you want to reset, then click Reset Password to display the Reset Password dialog.

  3. Type and confirm the password, or click the button next to the New password box to have Active Roles generate a password.

    Figure 9: Reset Password

  4. Configure the available password options with the appropriate check boxes. For example, if your organization requires users to change the reset password during their next login, select User must change password at next logon.

  5. When finished, click OK.

NOTE: Consider the following when resetting a user password:

  • To spell out the specified or auto-generated password, click the Spell out password button.

  • Services that are authenticated with a user account must be reset if the password for the service’s user account is changed.

  • To locate the user account whose password you want to reset, use the Find function of Active Roles. Once you found the user account, reset its password by selecting it in the list of search results, right-clicking it, and clicking Reset Password.

Adding a user account to a group

You can add Active Directory user accounts to a group with the Active Roles Console.

To add a user account to a group

  1. In the Console tree, locate and select the folder that contains the user account you want to add to a group.

  2. In the details pane, right-click the user account, then click Add to a Group.

  3. Use the Select Objects dialog to locate and select the group to which you want to add the user account (you can select more than one group).

NOTE: Consider the following when adding an object to a group:

  • In the Select Objects dialog, you can select groups from the list or type group names, separating them with semicolons. Click Check Names to verify the names you type. If Active Roles cannot find a group, it prompts you to correct the name.

  • You can add multiple objects to a group at a time: Select the objects, right-click the selection, and click Add to a Group. To select multiple objects, press and hold down Ctrl, then click each object.

    When you select multiple objects, the Member Of tab lists the groups to which all the selected objects belong. If one of the objects does not belong to a given group, that group does not appear in the list.

  • You can also add or remove objects from groups by using the Properties dialog: Select one or more objects, right-click the selection, click Properties, and go to the Member Of tab in the Properties dialog.

  • On the Member Of tab, you can manage groups directly from the list of groups. To manage a group, right-click it, and use commands on the shortcut menu.

  • The Member Of tab lists the groups to which the object belongs. If the Show nested groups check box is selected, the list also includes the groups to which the object belongs owing to group nesting.

  • You can also add the object to groups by clicking Add on the Member Of tab. This displays the Select Objects dialog, allowing you to select the groups to which you want to add the object.

  • The Temporal Membership Settings button can be used to specify the date and time when the object should be added or removed from the selected groups. For more information about this feature, see Using temporal group memberships.

  • By adding an object to a group, you can assign permissions to all of the objects in that group and filter Group Policy settings on all objects in that group.

  • To locate objects you want to add to a certain group, use the Find function of Active Roles. Once you found the objects, select the accounts in the list of search results, right-click the selection, and click Add to a Group.

Figure 10: Adding user accounts to groups

Removing a user account from a group

You can remove user accounts from Active Directory groups with the Active Roles Console.

To remove a user account from a group

  1. In the Console tree, locate and select the folder that contains the user account you want to remove from a group.

  2. In the details pane, right-click the user account, then click Properties.

  3. On the Member Of tab in the Properties dialog, clear the Show nested groups check box, select the group from which you want to remove the user account, and click Remove.

NOTE: Consider the following when removing an object from a group:

  • If you have not cleared the Show nested groups check box, the list on the Member Of tab also includes the groups to which the object belongs indirectly, that is, because of group nesting. If you select such a group from the list, the Remove button is unavailable. An object can be removed only from those groups of which the object is a direct member.

  • You cannot remove objects from their primary groups. Instead, you can change the primary group of an object. To do so, on the Member Of tab, select a different group from the list, then click Set Primary Group.

Changing the primary group of a user

You can change the primary group of a user with the Active Roles Console.

To change the primary group of a user

  1. In the Console tree, locate and select the folder that contains the user account whose primary group you want to change.

  2. In the details pane, right-click the user account, then click Properties.

  3. On the Member Of tab in the Properties dialog, click the group that you want to set as the primary group of the user, then click Set Primary Group.

NOTE: Consider the following when changing a user's primary group:

  • Primary groups are used exclusively by Macintosh clients and POSIX-compliant applications. Unless you are using these services, there is no need to change the primary group from Domain Users, which is the default value.

  • The primary group of the user must be in the same domain as the user account. Also, the primary group must be either a global or universal security group. If you select a group with the group scope set to Domain local, or you select a distribution group, then the Set Primary Group button will not be available.

  • Setting the primary group of the user to a value other than Domain Users may negatively affect performance, as all users in the domain are members of Domain Users. If the primary group of the user is set to another group, it may cause the group membership to exceed the supported maximum number of members.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択