Chat now with support
Chat with Support

Active Roles 7.2 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning Home Folder AutoProvisioning Script Execution User Account Deprovisioning Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Configuring replication Using AlwaysOn Availability Groups Using database mirroring Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
Using regular expressions Administrative Template Communication ports

Scenario 1: Implementing a Help Desk

Role-based Administration > Examples of use > Scenario 1: Implementing a Help Desk

This scenario shows how to use an Access Template that allows a Help Desk service to perform day-to-day operations on user accounts, such as resetting passwords, viewing user properties, locking and unlocking user accounts.

The scenario also involves a group to hold Help Desk operators. The Access Template is applied so that the group is designated as a Trustee, thus giving the administrative rights to the Help desk operators. When both the Access Template and group are prepared, you can implement a Help Desk administration in your enterprise.

Suppose you need to authorize the Help Desk to manage user accounts in the Sales organizational unit. To implement this scenario, you should perform the following steps:

  1. Prepare a Help Desk Access Template that defines the Help Desk operator permissions on user accounts.
  2. Create and populate a Help Desk group to hold the Help Desk operators.
  3. Apply the Help Desk Access Template to the Sales organizational unit, selecting the Help Desk group as a Trustee.

As a result of these steps, each member of the Help Desk group is authorized to perform management tasks on user accounts in the Sales organizational unit. The Help Desk Access Template determines the scope of the tasks.

The following sections elaborate on each of these steps.

Step 1: Preparing a Help Desk Access Template

Role-based Administration > Examples of use > Scenario 1: Implementing a Help Desk > Step 1: Preparing a Help Desk Access Template

For the purposes of this scenario, you can use the predefined Access Template Users – Help Desk, located in the folder Configuration/Access Templates/Active Directory. The Users – Help Desk Access Template specifies the necessary permissions to reset user passwords, unlock user accounts, and view properties of user accounts.

If you want to add or remove permissions from the Users – Help Desk Access Template, you need to first create a copy of that Access Template and then modify and apply the copy.

This scenario assumes that you apply the predefined Access Template Users – Help Desk.

Step 2: Creating a Help Desk group

To create a group, right-click an organizational unit in the console tree, select New | Group, and then follow the instructions in the New Object – Group wizard. The wizard includes the page where you can add members (Help Desk operators) to the group you are creating.

For step-by-step instructions on how to create groups, see “Steps for Creating a Group” in the Active Roles User Guide or Active Roles Help.

Step 3: Applying the Help Desk Access Template

Role-based Administration > Examples of use > Scenario 1: Implementing a Help Desk > Step 3: Applying the Help Desk Access Template

You can apply the Access Template using the Delegation of Control wizard.

First, you start the wizard on the Sales organizational unit: right-click the organizational unit, click Delegate Control, and then, in the Active Roles Security window, click the Add button.

Next, on the Users or Groups page of the wizard, add the Help Desk group to the list.

Next, on the Access Templates page of the wizard, expand Access Templates | Active Directory and select the check box next to Users - Help Desk, as shown in the following figure.

Figure 22: Access Template - Delegation of control

Click Next and accept the default settings in the wizard. On the completion page, click Finish. Finally, click OK to close the Active Roles Security window.

For more information about the Delegation of Control wizard, see Applying Access Templates earlier in this chapter.

Related Documents