Active Roles 7.2.1 - Web Interface Administrator Guide

Removing temporal members

You can remove temporal group members in the same way as regular group members. Removing a temporal member of a group deletes the temporal membership settings for that object with respect to that group. As a result, the object will not be added to the group. If the object already belongs to the group at the time of removal, then it is removed from the group.

To remove a temporal member of a group

1. In the Web Interface, select the group, and then choose the Members command.
2. On the Members page, select the member, and click Remove.

Managing AD LDS data

You can use the Web Interface to manage directory data in Microsoft Active Directory Lightweight Directory Services (AD LDS). Similarly to Active Directory domains, directory data can be managed in only the AD LDS instances that are registered with Active Roles (managed AD LDS instances).

The application directory partitions found on the managed AD LDS instances are grouped together in the AD LDS (ADAM) container, thus making it easy to locate the AD LDS data. Each directory partition is represented by a separate container (node) so you can browse the partition tree the same way you do for an Active Directory domain.

The Web Interface supports a wide range of administrative operations on AD LDS users, groups and other objects, so you can create, view, modify, and delete directory objects, such as users, groups, containers and organizational units, in AD LDS the same way you do when managing data in Active Directory.

To browse the directory tree in AD LDS directory partitions

1. On the Navigation bar, click Directory Management.
2. In the Browse pane, click the Tee tab.
3. On the Tree tab, do the following:
   1. Expand the AD LDS (ADAM) container.
   2. Under AD LDS (ADAM), expand a directory partition object to view its top-level containers.
   3. Expand a top-level container to view the next level of objects in that container.
4. Do one of the following:
   • To move down a directory tree branch, continue expanding the next lowest container level on the Tree tab.
   • To administer a directory object at the current directory level, click a container on the Tree tab and use the instructions that follow.

To manage directory data in AD LDS

On the Tree tab in the Browse pane, under AD LDS (ADAM), click the container that holds the data you want to manage.

1. In the list of objects, select the object that represents the directory data you want to manage.
2. Use commands in the Command pane to perform management tasks.

Managing computer resources

You can use the Web Interface to manage the following computer resources:

• Services  Start or stop a service, view or modify properties of a service.
• Network file shares  Create a file share, view or modify properties of a file share, stop sharing a folder.
• Logical printers  Pause, resume or cancel printing, list documents being printed, view or modify properties of a printer.
• Documents being printed (print jobs)  Pause, resume, cancel or restart printing of a document, view or modify properties of a document being printed.
• Local groups  Create or delete a group, add or remove members from a group, rename a group, view or modify properties of a group. Unavailable on domain controllers.
• Local users  Create or delete a local user account, set a password for a local user account, rename a local user account, view or modify properties of a local user account. Unavailable on domain controllers.
• Devices  View or modify properties of a logical device, start or stop a logical device.

To manage computer resources

1. In the Web Interface, locate the computer that hosts resources you want to manage. For instructions on how to locate objects in the Web Interface, see Locating directory objects earlier in this document.
2. Select the computer in the list of objects, and then click Manage in the Command pane.
3. In the list of resource types, click the type of resource you want to manage.
4. In the list of objects that appears, select the resource you want to manage.
5. Use commands in the Command pane to perform management tasks on the selected resource.

To manage print jobs

1. Repeat Steps 1–2 of the previous procedure, to start managing computer resources.
2. In the list of resource types, click Printers to view a list of printers found on the computer you selected.
3. In the list of printers, select a printer whose print jobs you want to manage.
4. In the Command pane, click Print Jobs to view a list of documents being printed.
5. In the list of documents, select a document to pause, resume, restart, or cancel printing.
6. Use commands in the Command pane to perform management tasks on the selected document.

Restoring deleted objects

The Web Interface can be used to restore deleted objects in any managed domain that is configured to enable Active Directory Recycle Bin—a feature of Active Directory Domain Services introduced in Microsoft Windows Server 2008 R2.

To undo deletions, Active Roles relies on the ability of Active Directory Recycle Bin to preserve all attributes, including the link-valued attributes, of the deleted objects. This makes it possible to restore deleted objects to the same state they were in immediately before deletion. For example, restored user accounts regain all group memberships that they had at the time of deletion.

This section provides instructions on how to restore deleted objects by using the Web Interface. For more information, see the “Recycle Bin” chapter in the Active Roles Administrator Guide.