The Master Account Management policy defines a list of properties that appear on the master account but reflect the properties of the shadow account. These properties are referred to as substituted properties. When you use Active Roles to view properties of a master account, the policy causes Active Roles to retrieve the values of the master account’s substituted properties from the shadow account. When you use Active Roles to set or change a substituted property of a master account, the policy causes Active Roles to set or change the value of that property on the shadow account.
The policy does not allow you to narrow down the list of substituted properties. However, you can specify your custom list of substituted properties in addition to the default list. If you do so, the resulting list of substituted properties includes all properties from both the default list and your custom list.
|
edsva-Skype for Business-AccountExists edsva-Skype for Business-ArchivingPolicy edsva-Skype for Business-ClientPolicy edsva-Skype for Business-ClientVersionPolicy edsva-Skype for Business-ConferencingPolicy edsva-Skype for Business-DialPlanPolicy edsva-Skype for Business-Disable edsva-Skype for Business-Enable edsva-Skype for Business-ExchangeArchivingPolicy edsva-Skype for Business-ExternalAccessPolicy edsva-Skype for Business-HostedVoiceMail edsva-Skype for Business-IsEnabled edsva-Skype for Business-LineServerURI edsva-Skype for Business-LineURI edsva-Skype for Business-LocationPolicy edsva-Skype for Business-MasterAccount edsva-Skype for Business-MobilityPolicy |
edsva-Skype for Business-Move edsva-Skype for Business-MoveTargetRegistrarPool edsva-Skype for Business-PersistentChatPolicy edsva-Skype for Business-PIN edsva-Skype for Business-PINPolicy edsva-Skype for Business-PrivateLine edsva-Skype for Business-ReEnable edsva-Skype for Business-RegistrarPool edsva-Skype for Business-SIPAddress edsva-Skype for Business-SIPAddressType edsva-Skype for Business-SIPDomain edsva-Skype for Business-SIPUserName edsva-Skype for Business-TasksAllowed edsva-Skype for Business-TelephonyOption edsva-Skype for Business-TemporarilyDisable edsva-Skype for Business-VoicePolicy
|
The Master Account Management policy defines a list of properties to copy from the shadow account to the master account. By default, the list is empty. If you add a property to that list, the policy ensures that any changes to that property on the shadow account are replicated to the master account.
The Master Account Management policy causes Active Roles to perform the following actions depending on the change request submitted to the Active Roles Administration Service.
|
Request |
Actions |
|
Enable an existing Active Directory user for Skype for Business Server |
Active Roles retrieves the properties of the existing user (in the external forest), and then performs the following actions:
If the user from the external forest already has a shadow account (for example, created by Exchange Resource Forest Management), then the policy re-uses the existing shadow account instead of creating a new one. When creating the shadow account, Active Roles executes all policies that are applied to the container that holds the shadow account. |
|
Modify Skype for Business Server user properties of a master account |
If the change request includes any changes to substituted properties, Active Roles first makes the requested changes to the substituted properties of the shadow account. Next, Active Roles makes the requested changes to the properties of the master account, and then updates the synchronized properties of the shadow account with the new property values found on the master account. |
|
Deprovision a master account |
Active Roles deprovisions the master account, and then temporarily disables the shadow account for Skype for Business Server. |
|
Undeprovision a deprovisioned master account |
Active Roles undeprovisions the master account and then re-enables the shadow account for Skype for Business Server. For undeprovisioning master accounts to have an effect on shadow accounts, the container that holds deprovisioned master accounts must be in the scope of the Built-in Policy - Skype for Business - Master Account Management Policy Object (or a copy of that Policy Object). |
|
Delete a master account |
Active Roles deletes the master account, and then removes the shadow account from Skype for Business Server. |
The Master Account Management policy requires that shadow accounts be in the scope of the User Management policy provided by Skype for Business Server User Management. This enables Active Roles to perform the Skype for Business Server related actions on the shadow account.
Skype for Business Server User Management includes an Active Roles scheduled task that complements the Master Account Management policy to enforce synchronization of master and shadow account properties, and to capture existing Skype for Business Server users whose master account happens to fall under the control of that policy. The scheduled task object is in the Configuration/Server Configuration/Scheduled Tasks/Builtin container. The name of the object is Skype for Business - Master Account Management. The task is scheduled to run on a daily basis. Normally, you do not need to modify that scheduled task.
The operation of the task affects only the user accounts that are in the scope of the Built-in Policy - Skype for Business - Master Account Management Policy Object (or a copy of that Policy Object). When run, the task performs the following actions on each of those user accounts:
This action enables Skype for Business Server User Management to administer exiting Skype for Business Server users, possibly enabled for Skype for Business Server by using an earlier version of Skype for Business Server User Management or without the use of Skype for Business Server User Management.
This action ensures that the shadow account properties are updated with the latest changes to the master account properties and vice versa.
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy
