View or update the Azure AD
View or update the Azure AD user properties
For an existing Azure AD user, you can use the Active Roles Web Interface to view or update the properties.
To view or modify the Azure AD user properties
- On the Active Roles Web interface Navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Azure Configuration -> Azure Tenants.
The list of existing Azure AD tenants are displayed.
-
Select the check box corresponding to the specific Azure AD tenant for which, you want to view or modify the Azure properties.
-
In the Command pane, click Azure properties.
The Azure Properties wizard for the Azure AD tenant is displayed.
-
Use the fields in the Azure Properties wizard to view or modify the password or description of the Azure AD tenant.
NOTE:
- If the Tenant type is selected as Federated Domain or Synchronized Identity domain while creating the Azure User, Group, or Contact, the Azure properties fields on Azure properties wizard of the that Azure object are greyed out and cannot be edited.
- If Tenant type is selected as Federated Domain or Synchronized Identity domain, it enables the user to create Azure User even when Azure AD Connect is enabled.
- You cannot modify the Azure AD tenant ID.
- Click Azure AD Tenant Type, and modify type of domain assigned to the Azure tenant.
- After setting all the required properties, click Save.
1. Azure Properties - Read-Only is one such difference.
2. When Sync. & Federated Identity is selected it enables the user to create Azure User even when AAD Connect is enabled.
3. The attributes are Sync'ed using AAD Connect in Sync. & Federated Identity
Modify the Azure AD user Manager
For an existing Azure AD user, you can use the Active Roles Web Interface to modify the Azure AD user Manager.
To view or modify the Azure AD user properties
- On the Active Roles Web interface Navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
- Click the specific domain, Container or the Organizational Unit, and then select the check box corresponding to the specific user for which you want to view or update the Manager information.
- In the Command pane, click General properties.
The General Properties dialog box for the user is displayed.
- Navigate to the Managed by tab, and in the Manager field, click Change.
- Use the Select Objects dialog box, to locate and select the Manger to assign to the user and click OK.
The newly added Manager name is displayed in the Manager field.
- Click Save.
The Manager ID field in the Azure Properties wizard for the user is populated with the new Manager information.
NOTE: To verify the changes in Microsoft Azure, go to the Azure Portal and view the Manger ID information for the specific user in the Work Info tab.
Disable or re-enable an Azure AD user
Disable or re-enable an Azure AD user
You can use the Active Roles Web Interface to disable a user for logon to Azure. This allows you to disable a previously enabled user in Azure AD while retaining all the Azure settings that were configured for the user. The Azure AD user settings are retained for a disabled account. Hence you can re-enable a disabled user again without having to reconfigure the user.
To disable or re-enable a previously enabled user for Azure
- On the Active Roles Web interface Navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
- Click the specific domain, Container or the Organizational Unit, and then the specific user to be disabled.
- In the Command pane, click Disable.
The account is disabled and marked with a disabled icon.
- To enable a disabled account, select the check-box corresponding to the disabled account and in the Command pane click Enable.
NOTE: The Enable command only appears for a disabled account.
The account is enabled again.
Deprovision or undo deprovision Ad user
Deprovision or undo deprovision of a Azure AD user
Active Roles provides the ability to deprovision rather than delete or only disable users. Deprovisioning a user refers to a set of actions that are performed by Active Roles in order to prevent the user from logging on to the network and accessing network resources such as the user’s mailbox or home folder.
The Deprovision command on a user updates the account as prescribed by the deprovisioning policies. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the administrator to configure and apply additional policies.
To deprovision a user for Azure
- On the Active Roles Web interface Navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
- Select the user, and in the Command pane, click Deprovision.
A message is displayed prompting you to confirm the account deprovision.
- Click Yes, to continue
Wait while Active Roles updates the user.
After the task is completed, a message is displayed that the account is deprovisioned successfully from Active Roles.
To undo deprovision of a user for Azure
- On the Active Roles Web interface Navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
- Select the user, and in the Command pane, click Undo Deprovisioning.
The Password Options dialog box is displayed.
- Select the option to Leave the Password unchanged or Reset the password, and click OK.