Name |
Name of the group. The group name for previous versions (pre Win2000) is formed from the group identifier. |
Domain |
Domain in which to create the group. |
Container |
Container in which to create the group. |
Distinguished name |
Distinguished name of the group. The distinguished name is determined by a template from the name of the group and the container and cannot be edited. |
Display name |
Name for displaying the group in the user interface of One Identity Manager tools. |
Group name (pre Win2000) |
Name of the group for the previous versions. The group name is taken from the group identifier. |
Structural object class |
Structural object class representing the object type. By default, you set up groups in One Identity Manager with the object class GROUP. |
Object class |
List of classes defining the attributes for this object. The object classes listed are read in from the database during synchronization with the Active Directory environment. However, in the input field, you can add object classes and auxiliary classes that are used by other LDAP and X.500 directory services. |
Account manager |
Manager responsible for the group.
To specify an account manager
- Click next to the field.
- In the Table menu, select the table that maps the account manager.
- In the Account manager menu, select the manager.
- Click OK.
|
Group manager can update members list |
Specifies whether the account manager can change the memberships for this group. |
Protected from accidental deletion |
Specifies whether to protect the group against accidental deletion. If the option is set, the permissions for deleting the group are removed in Active Directory. The group cannot be deleted or moved. |
Email address |
Group's email address. |
Risk index |
Value for evaluating the risk of assigning the group to user accounts. Set a value in the range 0 to 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is activated.
For more information, see the One Identity Manager Risk Assessment Administration Guide. |
Category |
Categories for group inheritance. Groups can be selectively inherited by user accounts and contacts. To do this, groups and user accounts or contacts are divided into categories. Select one or more categories from the menu. |
Description |
Text field for additional explanation. |
Remark |
Text field for additional explanation. Abbreviations for combinations of group type and group area are added in the comment and should not be changed. |
Security group |
Group type. Authorizations are issued through security groups. User accounts, computers, and other groups are added to security groups, which makes administration easier. Security groups are also used for email distribution groups. |
Distribution group |
Group type. Distribution groups can be used as email distribution groups. Distribution groups are not security-enabled. |
Universal group |
Group scope. Universal groups can be used to make cross-domain authorizations available. Universal group members can be user accounts and groups from all domains in one domain structure. |
Local group |
Group scope. Local groups are used when authorizations are issued within the same domain. Members of a domain local group can be user accounts, computers, or groups in any domain. |
Global group |
Group scope. Global groups can be used to make cross-domain authorizations available. Members of a global group are only user accounts, computers, and groups belonging to the global group’s domain. |
IT Shop |
Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles. |
Only for use in IT Shop |
Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is not permitted. |
Service item |
Service item data for requesting the group through the IT Shop. |
Read-only memberships |
Specifies whether memberships are read-only, for example, for dynamic groups. The memberships are regulated by the target system. Manual changes to memberships in One Identity Manager are not permitted. |