
Active Roles 7.2 - Evaluator Guide


Using Active Roles policies


The examples in this section demonstrate how to configure provisioning policies, and allow you to see how provisioning policy enforcement works in Active Roles.

NOTE: The instructions in this section assume that you are logged on as an Active Roles Admin. The Active Roles Admin account is specified when installing the Administration Service, and defaults to the Administrators local group of the computer running the Administration Service.

Enforce user naming conventions


This section describes how to enforce the following user naming conventions:

  • Full name must be ABC, where

    A consists of at most the first 5 characters of Last name; if the Last name is longer, A consists of only its first 5 characters

    B consists of at least 2 characters: a number beginning with 00; if the Last name is short, filling characters are added (000, 0000) so that AB consists of exactly 7 characters

    C consists of the first character of First name

    Example: ivano00a (ivano = the first 5 characters of Last name Ivanov; 00 = numbering; a = the first character of First name Andre)

  • User logon name must be the same as Full name
  • User logon name (pre-Windows 2000) must be the same as Full name

To enforce these naming conventions, you need to create and apply an Active Roles Policy Object.

Create and apply the Policy Object


Perform the following steps to create and apply the Policy Object using the Active Roles console. First, you create the Policy Object, configure policy for the Full name property, and apply the Policy Object to your test domain. Next, you modify the Policy Object to add the policy for the User logon name and User logon name (pre-Windows 2000) properties.

To create and apply the Policy Object

  1. In the console tree, expand Configuration | Policies, right-click Administration, and select New | Provisioning Policy.
  2. On the Welcome page of the New Provisioning Policy Object wizard, click Next.
  3. In the Name box, type the name for the Policy Object: User Naming Conventions. Click Next.
  4. On the Policy to Configure page, select Property Generation and Validation. Click Next.
  5. On the Controlled Property page, click Select.
  6. In the Select Object Type and Property dialog box:
    1. From the Object type list, select User.
    2. From the Object property list, select Name.
    3. Click OK.
  7. On the Controlled Property page, click Next.
  8. On the Configure Policy Rule page, select the ‘Name’ must be <value> check box, and then click the item <click to add value> in the Edit policy rule box.
  9. In the Add Value dialog box, click Configure.
  10. In the Configure Value dialog box, click Add.
  11. In the Add Entry window:
    1. Under Entry type, click User Property.
    2. Under Entry properties, click Select, and then select Last Name from the Object property list. Click OK.
    3. Click The first, and then enter 5 in the box next to that option.
    4. Select the If value is shorter, add filling characters at the end of value check box, and then, in the Filling character box, enter 0.
    5. Click OK.
  12. In the Configure Value dialog box, click Add.
  13. In the Add Entry window, click Text, type 00, and click OK.
  14. In the Configure Value dialog box, click Add.
  15. In the Add Entry window:
    1. Under Entry type, click User Property.
    2. Under Entry properties, click Select, and then select First Name from the Object property list. Click OK.
    3. Click The first, and then enter 1 in the box next to that option.
    4. Click OK.
  16. In the Configure Value dialog box, click OK.
  17. In the Add Value dialog box, click OK.
  18. On the Configure Policy Rule page, click Next.
  19. On the Policy Description page, click Next.
  20. On the Enforce Policy page, click Add.
  21. In the Select Objects window, select your test domain, click Add, and then click OK.
  22. Click Next, and then click Finish.

Next, perform the following steps to configure policy for the User logon name and User logon name (pre-Windows 2000) properties.

To add policies to the Policy Object

  1. In the console tree, select Configuration | Policies | Administration.
  2. In the details pane, right-click User Naming Conventions and click Properties.
  3. On the Policies tab in the User Naming Conventions Properties dialog box, click Add.
  4. On the Welcome page of the Add Provisioning Policy wizard, click Next.
  5. On the Policy to Configure page, select Property Generation and Validation. Click Next.
  6. On the Controlled Property page, click Select.
  7. In the Select Object Type and Property dialog box:
    1. From the Object type list, select User.
    2. From the Object property list, select Account Name (UPN Prefix).
    3. Click OK.
  8. On the Controlled Property page, click Next.
  9. On the Configure Policy Rule page, select the ‘Account Name (UPN Prefix)’ must be <value> check box, and then click the item <click to add value> in the Edit policy rule box.
  10. In the Add Value dialog box, click Configure.
  11. In the Configure Value dialog box, click Add.
  12. In the Add Entry window:
    1. Under Entry type, click User Property.
    2. Under Entry properties, click Select, and then select Name from the Object property list. Click OK.
    3. Click OK.
  13. In the Configure Value dialog box, click OK.
  14. In the Add Value dialog box, click OK.
  15. On the Configure Policy Rule page, click Next.
  16. Click Next, and then click Finish.
  17. Repeat Steps 3‑16 with the following modification to configure policy for User logon name (pre-Windows 2000):
    • In Step 7, from the Object property list, select Logon Name (pre-Windows 2000).
  18. In the User Naming Conventions Properties dialog box, click OK.

Verify the naming conventions

Use the following steps to see how the naming conventions are enforced when you create a user account using the Active Roles console (MMC Interface).

To verify naming conventions using the Active Roles console

  1. In the console tree, right-click an OU in your test domain, and select New | User.
  2. Fill in the First name and Last name boxes.
  3. Verify that the console automatically fills in the Full name, User logon name, and User logon name (pre-Windows 2000) boxes in accordance with the user naming conventions.
  4. Complete the New Object - User wizard.
  5. Right-click the newly created user account, click Properties, and examine the Properties dialog box to verify that the user properties are in compliance with the naming conventions.

Use the following steps to see how the naming conventions are enforced when you create a user account using the Active Roles Web Interface.

To verify naming conventions using the Web Interface

  1. In the Web Interface for Administrators, select an OU from your test domain.
  2. In the right pane of the Web Interface page, click New User.
  3. Fill in the First Name and Last Name fields.
  4. Verify that the Web Interface automatically fills in the Name, User logon name, and User logon name (pre-Windows 2000) fields in accordance with the user naming conventions.
  5. Follow the steps in the wizard to complete the creation of the user account.
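
A scripted form of the compliance check in the verification steps above, as an added example that is not part of the Evaluator Guide or of Active Roles: it tests constructed sample records against the ABC convention and the two logon-name rules. The function names and record property names are hypothetical, any two-digit number is accepted as the numbering, and comparisons ignore case.

```powershell
# Added example, not Active Roles code. Function and property names are hypothetical.

function Get-ExpectedNamePattern {
    param([string]$LastName, [string]$FirstName)
    # A: at most the first 5 characters of Last name
    $a = $LastName.Substring(0, [Math]::Min(5, $LastName.Length))
    # Filling characters so that A and B together are exactly 7 characters
    $fill = '0' * (5 - $a.Length)
    # C: the first character of First name
    $c = $FirstName.Substring(0, 1)
    # Assumption: the numbering is any two digits (00, 01, ...)
    '^' + [regex]::Escape($a) + $fill + '\d{2}' + [regex]::Escape($c) + '$'
}

function Test-NamingConvention {
    param([psobject]$User)
    $problems = @()
    if ([string]::IsNullOrWhiteSpace($User.LastName) -or
        [string]::IsNullOrWhiteSpace($User.FirstName)) {
        $problems += 'First name or Last name is empty'
    } else {
        $pattern = Get-ExpectedNamePattern -LastName $User.LastName -FirstName $User.FirstName
        # -notmatch and -ne compare case-insensitively
        if ($User.Name -notmatch $pattern) {
            $problems += "Full name does not match $pattern"
        }
    }
    if ($User.UpnPrefix -ne $User.Name) {
        $problems += 'User logon name differs from Full name'
    }
    if ($User.SamAccountName -ne $User.Name) {
        $problems += 'User logon name (pre-Windows 2000) differs from Full name'
    }
    [pscustomobject]@{
        Name      = $User.Name
        Compliant = ($problems.Count -eq 0)
        Problems  = ($problems -join '; ')
    }
}

# Constructed sample records: two that follow the convention, one that does not
$sampleUsers = @(
    [pscustomobject]@{ FirstName = 'Andre'; LastName = 'Ivanov'; Name = 'ivano00a'; UpnPrefix = 'ivano00a'; SamAccountName = 'ivano00a' }
    [pscustomobject]@{ FirstName = 'Mia'; LastName = 'Lee'; Name = 'lee0000m'; UpnPrefix = 'lee0000m'; SamAccountName = 'lee0000m' }
    [pscustomobject]@{ FirstName = 'John'; LastName = 'Smith'; Name = 'John Smith'; UpnPrefix = 'jsmith'; SamAccountName = 'jsmith' }
)
$sampleUsers | ForEach-Object { Test-NamingConvention -User $_ } | Format-List
```

Records that report Compliant = False are the ones to review, for example accounts created without the policy applied.
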