The Active Roles console allows you to disable a gMSA so that the gMSA cannot be used for logon. For a disabled gMSA, you can use the console to re-enable that gMSA.
To disable or re-enable a gMSA
Alternatively, you can use the Disable Account or Enable Account command on the gMSA object to disable or re-enable the gMSA.
Groups are Active Directory objects used to collect users, contacts, computers, and other groups into manageable units. There are three kinds of groups:
In this document, security and distribution groups are collectively referred to as groups. As for Query-based distribution groups, these are considered a separate category of groups.
Each group has a scope: universal, global, or domain local.
A group can be a member of another group. This is referred to as group nesting. Group nesting increases the number of affected member accounts and thus consolidates group management. Accounts that reside in a group nested within another group are indirect members of the nesting group.
Active Roles provides the facility to perform administrative tasks such as create copy, rename, modify, and delete groups. It can also be used to add and remove members from groups and perform Exchange tasks on groups.
The following section describes how to use the Active Roles console to manage groups. You can also use the Active Roles Web Interface to perform the group management tasks.
This section covers the following tasks:
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy