You can remove temporal group members in the same way as regular group members. Removing a temporal member of a group deletes the temporal membership settings for that object with respect to that group. As a result, the object will not be added to the group. If the object already belongs to the group at the time of removal, then it is removed from the group.
To remove a temporal member of a group
|
NOTE: You can remove an object that is a temporal member of a group by managing the object rather than the group. Select the object, and then choose the Member Of command. On the Member Of page, select the group from the list and click Remove. |
You can use the Web Interface to manage directory data in Microsoft Active Directory Lightweight Directory Services (AD LDS). Similarly to Active Directory domains, directory data can be managed in only the AD LDS instances that are registered with Active Roles (managed AD LDS instances).
The application directory partitions found on the managed AD LDS instances are grouped together in the AD LDS (ADAM) container, thus making it easy to locate the AD LDS data. Each directory partition is represented by a separate container (node) so you can browse the partition tree the same way you do for an Active Directory domain.
The Web Interface supports a wide range of administrative operations on AD LDS users, groups and other objects, so you can create, view, modify, and delete directory objects, such as users, groups, containers and organizational units, in AD LDS the same way you do when managing data in Active Directory.
To browse the directory tree in AD LDS directory partitions
To manage directory data in AD LDS
On the Tree tab in the Browse pane, under AD LDS (ADAM), click the container that holds the data you want to manage.
|
NOTE: In the list of objects, clicking the name of a leaf object, such as a user or group, displays a page intended to view or modify object properties; clicking a container object, such as a partition or an organizational unit, displays a list of objects held in that container. |
You can use the Web Interface to manage the following computer resources:
To manage computer resources
To manage print jobs
The Web Interface can be used to restore deleted objects in any managed domain that is configured to enable Active Directory Recycle Bin—a feature of Active Directory Domain Services introduced in Microsoft Windows Server 2008 R2.
To undo deletions, Active Roles relies on the ability of Active Directory Recycle Bin to preserve all attributes, including the link-valued attributes, of the deleted objects. This makes it possible to restore deleted objects to the same state they were in immediately before deletion. For example, restored user accounts regain all group memberships that they had at the time of deletion.
This section provides instructions on how to restore deleted objects by using the Web Interface. For more information, see the “Recycle Bin” chapter in the Active Roles Administrator Guide.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy