Chat now with support
Chat with Support

Active Roles 7.2 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning Home Folder AutoProvisioning Script Execution User Account Deprovisioning Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Configuring replication Using AlwaysOn Availability Groups Using database mirroring Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
Using regular expressions Administrative Template Communication ports

Steps for creating a Group Family

Group Family > Creating a Group Family > Steps for creating a Group Family

Creation of a Group Family is a two-step process that includes:

  1. Creating the Group Family configuration
  2. Running the Group Family to initially create or capture groups

The Active Roles console provides the New Group Family wizard for creating the Group Family configuration. The wizard creates a group, referred to as configuration storage group, and populates that group with the configuration data you specify. The wizard also allows you to run the Group Family immediately or schedule the Group Family to run on a regular basis.

To create the Group Family configuration and run the Group Family

  1. In the console tree, right-click the organizational unit in which you want to create the Group Family configuration storage group, and select New | Group Family to start the New Group Family wizard.
  2. Follow the instructions on the wizard pages.
  3. On the Name the Group Family page, specify a name for the Group Family.

The wizard creates the Group Family configuration storage group with the name you specify on this page.

  1. On the Grouping Options page, do one of the following, and then click Next:
    • Click Pre-configured grouping by, and then select a pre-configured grouping criteria from the list.
    • Click Custom Grouping to configure custom grouping criteria in later steps of the wizard.
  2. On the Location of Managed Objects page, do the following, and then click Next:
    • Click Add, and then select a container that holds the objects to be assembled into groups.
    • Click Remove to remove a selected container from the Containers list.
  3. On the Selection of Managed Objects page, do the following, and then click Next:
    • Select a type of objects by clicking one of the four topmost options; or click Other, and then click Specify to choose an object type from the Object Types list.
    • Click Filter, and complete the Filter dialog box (see instructions later in this topic).
    • Click Preview to view the list of objects that meet the specified conditions.
  4. On the Group-by Properties page, do the following, and then click Next:
    • Click Add, and select an object property from the Object property list.
  5. On the Capture Existing Groups Manually page, select Skip this step, without capturing groups manually, and then click Next.
  6. On the Group Naming Rule page, do the following, and click Next:
    • Click Configure, and complete the Configure Value dialog box (see instructions later in this topic).
    • Click Fine-tune Naming Rule, and complete the Fine-tune Naming Rule dialog box (see instructions later in this topic).
  7. On the Group Type and Scope page, do the following, and then click Next:
    • In the Group scope area, select a group scope.
    • In the Group type area, select a group type.
  8. On the Location of Groups page, do one of the following, and then click Next:
    • To have the Group Family create new groups in the OU that holds the Group Family configuration storage group, click Group Family home OU.
    • To have the Group Family create new groups in a different OU, click This organizational unit, and then click Select to choose the OU.
  9. On the Exchange-related Settings page, do the following, and then click Next:
    • Select or clear the Mail-enable groups created by Group Family as appropriate. If you select this check box, set up the Exchange-related options on this page.
  10. On the Group Family Scheduling page, do the following, and then click Next.
    • If you want the Group Family to run once you have completed the wizard, select Run Group Family once after completing this page.
    • If you want the Group Family to run on a schedule basis, select Schedule Group Family to run, and then set the appropriate date, time, and frequency of runs by using the options below this check box.
    • From the Run on this server list, select the Administration Service you want to run the Group Family.
  11. On the last page of the wizard, click Finish.

To complete the Filter dialog box

  1. Select an object property under Select Property.
  2. Select an operator from the Select operator drop-down list.
  3. In Specify value (case-insensitive), type in a value for the selected property.
  4. Click Add to add the filter condition that you have just specified, to the Conditions list.
  5. To add multiple filter conditions, repeat steps 1-4.

To complete the Configure Value dialog box

  1. Click Add.
  2. In the Add Entry dialog box, do one of the following, and then click OK:
    • To configure a text entry, click Text under Entry type, and then type a value in the Text value box.
    • To configure a group-by property entry, click Group-by Property under Entry Type, and then, under Entry properties, select a property from the list and do one of the following:
      • If you want the entry to include the entire value of the property, click All characters of the property value.
      • If you want the entry to include a part of the property value, click The first, and specify the number of characters to include in the entry.
  3. Optionally, do the following:
    • Add more entries, delete or edit existing ones, and use the arrow buttons to move entries up or down in the list.
    • Paste the Clipboard contents to the list of entries by clicking the button next to the Configured value box.
  4. Click OK.

To complete the Fine-tune Naming Rule dialog box

  1. Select the check box and click the Configure button next to the naming property that you want to configure, and then complete the Configure Value dialog box by using the procedure outlined above.
  2. Click OK.

Administering Group Family

Group Family > Administering Group Family

Most of the tasks related to Group Family administration are performed by using the Properties command on the groups used to store Group Family configurations. In the Active Roles console, such groups are marked with a special icon, to distinguish them from regular groups.

So, when you create a Group Family, a group is created to store the Group Family configuration. The group is assigned the name you have provided for the Group Family, and marked with the Group Family icon:

To facilitate Group Family administration, the Properties dialog box for a configuration storage group includes a number of Group Family-specific tabs:

  • General tab  Displays the name of the Group Family and allows the administrator to view or modify the description, group type, and group scope of the storage group.
  • Controlled Groups tab  Lists the groups that are under the control of the Group Family, and allows the administrator to view or modify the group-to-grouping links and group creation-related rules.
  • Groupings tab  Allows the administrator to view or modify the Group Family scope and the list of group-by properties.
  • Schedule tab  Displays Group Family schedule-related information, and allows the administrator to view or modify scheduling settings.
  • Action Summary tab  Displays information about the last run of the Group Family, and allows the administrator to view a log detailing results of the run.

These tabs are discussed in more detail later in this section.

NOTE: Changes to the regular, group-related properties of the configuration storage group do not affect the Group Family. For example, you can rename or move the configuration storage group without any impact on the process and results of Group Family operation. Renaming the configuration storage group only changes the display name of the Group Family.

The Action menu on each Group Family configuration storage group includes the Force Run command, so you can run the Group Family if you want to update it right away, without waiting for the scheduled run time.

Controlled groups

To help distinguish the groups that are under the control of a Group Family (controlled groups), the Active Roles console marks them with a special icon. For example, the following icon is used to indicate a global group that is under the control of a Group Family:

In addition, an explanatory text is added to the Notes field for such groups, stating that the Group Family will override any changes made directly to the group membership list.

In the Active Roles console, the Properties dialog box for controlled groups includes a Group Family-specific tab named Controlled By. From that tab, you can manage the configuration of the Group Family that controls the group.

The Controlled By tab displays the name and path of the group that stores the configuration of the Group Family. To view or change the configuration of the Group Family, click the Properties button.

So, there are two ways to access the Properties dialog box of the Group Family configuration storage group:

  • On the Controlled By tab in the Properties dialog box for any group controlled by the Group Family, click Properties
  • Right-click the Group Family configuration storage group, and click Properties

The following sections elaborate on the Group Family-specific tabs found in the Properties dialog box for the Group Family configuration storage group.

General tab

The General tab displays the Group Family name, and allows you to edit the description. This tab cannot be used to modify the Group Family name. You can change the name by using the Rename command on the Group Family configuration storage group.

By clicking the Storage Group Scope and Type (Advanced) button, you can view or modify the group scope and group type of the configuration storage group. Changes to these settings do not affect the Group Family. The group type and group scope are set to Security and Global by default, and normally need not be modified.

Related Documents