The Directory Management section of the Web Interface allows you to browse for, and administer, directory objects in your organization. You can navigate through containers in the directory; view, filter and select objects held in the container; and apply commands to the selected object or container.
Whether you can perform a certain management task depends upon permissions granted to your user account, and the Web Interface customization settings.
NOTE: If your environment has a large number of Microsoft Exchange mailboxes (or a complex Microsoft Exchange deployment), Active Roles may retrieve the properties of users with Exchange mailboxes slower than for users without Exchange mailboxes.
To solve this problem, enable a performance fix by creating a new registry key as described in Knowledge Base Article 4336544:
-
On the machine(s) running the Administration Service and the Web Interface, launch the Windows Registry Editor.
-
In the Registry Editor, navigate to the following registry path:
HKEY_LOCAL_ MACHINE\SOFTWARE\One Identity\Active Roles\Configuration
-
Create a new DWORD (32-bit) Value named PerformanceFlag.
-
Double-click the new PerformanceFlag DWORD, and set its Value data to 1.
-
To apply the fix, restart the Active Roles Administration Service and IIS. If the fix is enabled successfully, the following Active Roles event log with Event ID 2508 will appear in the Event Viewer:
Performance flag value set to 1.
-
(Optional) To deactivate the fix later, set the Value data of the PerformanceFlag DWORD to 0.
The PerformanceFlag registry key accepts only a value of 1 (to activate the fix) or 0 (to deactivate it).
To perform a management task
-
On the Navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click one of the following:
-
To manage objects in Active Directory containers, such as domains or Organizational Units, click Active Directory. This displays a list of Active Directory domains.
-
To manage directory objects in a certain Managed Unit, click Managed Units. This displays a list of Managed Units.
-
-
In the list of objects, do one of the following:
-
To navigate to a container, such as an Organizational Unit, click the name of that container.
-
To perform a command that applies to the current container, click that command in the Command pane under the name of the current container.
-
To perform a command on a particular object held in the current container, select the check box next to the name of that object, then click the command in the top area of the Command pane, under the name of the object.
-
To perform a command on two or more objects at a time, select the check box next to the name of each object, then click the command in the top area of the Command pane.
NOTE: In the list of objects, clicking the name of a leaf object such as a user or group, will display a page where you can view or modify object properties. Clicking a container object such as a domain or an organizational unit will display a list of objects held in that container.
-
When you perform a management tasks, the Web Interface supplements and restricts your input based on policies and permissions defined in Active Roles. The Web Interface displays the data generated by policies, and prevents the input of data that would cause policy violations. The following rules apply:
-
If a policy requires that a value be specified for a particular property, the name of the field for that property is marked with an asterisk (*).
-
If a policy imposes any restrictions on a property, an information icon is displayed next to the name of the field for that property. Click the icon to view policy information, which you can use to enter an acceptable value.
-
When you specify a property value that violates a policy, and click Save, the Web Interface displays an error message. Review the error message and correct your input.
-
Pages for object creation must include the entries for all required properties. Otherwise, the Web Interface fails to create the object. For information on how to configure forms, see Configuring forms in the Active Roles Web Interface Configuration Guide.
-
Object property pages display the values of the properties for which you have the Read permission. You can modify only those properties for which you have the Write permission. The properties for which you only have the Read permission are displayed as read-only.
-
The Command pane includes only the commands that you are permitted to use.
-
The list of objects includes only the objects that you are permitted to view.