If any of the following special characters must appear in the search filter as literals, they must be replaced by the listed escape sequence.
ASCII Character | Escape Sequence Substitute
* | \2a
( | \28
) | \29
\ | \5c
NUL | \00
In addition, arbitrary binary data may be represented using the escape sequence syntax by encoding each byte of binary data with the backslash (\) followed by two hexadecimal digits. For example, the four-byte value 0x00000004 is encoded as \00\00\00\04 in a filter string.
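The substitutions above can be applied programmatically before a value is placed into a filter string. The following is an added example, not code from the Active Roles documentation; the function names and the `exampleBinaryAttr` attribute are hypothetical, and the sample values are constructed.

```python
# Escape sequences from the table above (literal character -> substitute).
_ESCAPES = {
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\\": r"\5c",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is matched literally inside a search filter.

    A single pass over the input avoids double-escaping: backslashes
    introduced by a substitution are never examined again.
    """
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def encode_binary_value(data: bytes) -> str:
    """Encode arbitrary bytes as a backslash plus two hex digits per byte."""
    return "".join(f"\\{b:02x}" for b in data)


def build_equality_filter(attribute: str, value) -> str:
    """Build (attribute=value), choosing the encoding by value type."""
    if isinstance(value, (bytes, bytearray)):
        encoded = encode_binary_value(bytes(value))
    else:
        encoded = escape_filter_value(value)
    return f"({attribute}={encoded})"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real directory.
    print(build_equality_filter("displayName", "Smith (Contractor)*"))
    print(build_equality_filter("description", "CORP\\jsmith"))
    # The four-byte value 0x00000004 from the text above.
    # exampleBinaryAttr is a hypothetical attribute name.
    print(build_equality_filter("exampleBinaryAttr", bytes.fromhex("00000004")))
```

Escaping only the value, never the attribute name or the surrounding parentheses, keeps the filter structure intact while ensuring that user-supplied text cannot act as a wildcard or grouping operator.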
In object creation wizards and properties dialog boxes, some property labels may be displayed as hyperlinks. This indicates that Active Roles enforces policy restrictions on the property.
In the following figure, the User logon name and User logon name (pre-Windows 2000) labels are underlined, which means that these properties are under the control of a certain policy defined with Active Roles.
Figure 3: Policy related information
To examine the policy in detail, you can click the label. For example, if you click User logon name (pre-Windows 2000), the Active Roles console presents you with a window similar to the following figure.
Figure 4: Policy description
The window may display the following information:
You can click the arrows in the lower-left corner to display descriptions of other policies enforced on the given property.
The Message section is displayed whenever the specified property value violates the policy. The following figure illustrates the situation where a value has not been supplied for a mandatory property.
Figure 5: Policy violation message
When you click Go To in this window, the console moves the pointer to the field that needs to be corrected. You can type or select an appropriate value to correct your input.
Enterprises usually design their OU-based network structure on geographical or departmental boundaries, restricting the ability to delegate administration outside these boundaries. However, they can face situations that require objects to be grouped together in ways that differ from the OU structure.
Active Directory offers a comprehensive delegation model. However, since the scope of delegation is defined using Organizational Units, distributed administration in Active Directory is constrained by the OU structure.
In Active Directory, without changing the directory structure, it is impossible to re-group objects so that the new “groups” support inheritance for their members when delegating control or enforcing policy. As a solution to this inflexible, OU-based structure, Active Roles provides the facility to configure administrative views that meet any directory management needs. The administrative views (Managed Units) allow distributed administration to be independent of the OU hierarchy.
Thus, Active Roles provides Managed Units (MUs)—securable, flexible, rules-based administrative views. MUs represent dynamic virtual collections of objects of different types. MUs may include any directory objects, regardless of their location in the network. This allows objects to be grouped into administrative views that are independent of the OU-based structure.
Managed Units allow organizations to implement OU structures on a geographical basis, but distribute administration on a functional basis. For example, all users in a particular department, regardless of their location in different OUs, could be grouped into a single Managed Unit for the purposes of delegating access control and enforcing administrative policy. The members of that Managed Unit would remain in their geographically defined OUs, leaving the OU structure unaffected.
Managed Units make it possible to organize an enterprise in any particular way, without changing the underlying domain and OU structure. Managed Units can include directory objects from different domains, trees and forests, as well as from other Managed Units. In addition, different Managed Units can have common members. These features of Managed Units create an environment that is both secure and easy to manage.