Test the group scope restrictions
Perform the following steps to see how group type restrictions are enforced when you create a mail-enabled group using the Active Roles console.
To verify the group type restrictions
- In the console tree, right-click an OU in your test domain, and select New | Group.
- Type a name for the group.
- Under Group scope, click Universal.
- Click Next.
This will cause an error message to appear stating that you cannot create universal groups.
- Close the error message box.
- Under Group scope, click Global.
- Click Next and notice that no error message appears this time.
As you can see, the policy allows you to created a group with any scope except for universal.
Use a Home Folder Provisioning policy
This section describes how to configure Active Roles to automatically create or rename the user’s home folder on a certain file server when a user is created or renamed with Active Roles. In this scenario, renaming a user means modifying the User logon name (pre-Windows 2000) property of the user account.
NOTE: This scenario requires that the service account of the Administration Service be a member of the Administrators group of the file server on which you want Active Roles to manage home folders. You specify the service account in Active Roles Configuration Center when configuring the Administration Service (see Run Active Roles Configuration Center earlier in this document).
To implement this policy, you need to create and apply an Active Roles Policy Object.
Create and apply the Policy Object
Perform the following steps to create and apply the Policy Object using the Active Roles console.
To create and apply the Policy Object
- In the console tree, expand Configuration | Policies, right-click Administration, and select New | Provisioning Policy.
- On the Welcome page of the New Provisioning Policy Object wizard, click Next.
- In the Name box, type the name of the Policy Object: Handling Home Folders. Click Next.
- On the Policy to Configure page, select Home Folder AutoProvisioning. Click Next.
- On the Home Folder Management page:
- In the To box, type \\<Server>\<Home>\%USERNAME%, where <Server> is the name of your file server, <Home> is the name of a network share on your file server. The policy will create home folders in the network share you have specified.
- Select both the Apply this home folder setting when user account is created and Apply this home folder setting when user account is renamed check boxes.
- Ensure that the Create or rename home folder on file server as needed check box is selected.
- Click Next.
- On the Home Share Management page, click Next.
- On the Enforce Policy page, click Add.
- In the Select Objects window, select your test domain, click Add, and then click OK.
- Click Next, and then click Finish.
Test the Home Folder policy
Perform the following steps to see how Active Roles manages the user’s home folder when you create or rename a user account by using the Active Roles console.
To verify the home folder policy
- Using the Active Roles console, create a user account in any OU in your test domain.
- Right-click the user account created in Step 1 and click Properties.
- In the Properties dialog box, click the Profile tab.
- On the Profile tab, in the Home folder area, examine the home folder path: The path is identical to the network path you specified when creating the Policy Object, with the user logon name (pre-Windows 2000) substituted for %USERNAME%.
- On your file server, verify that the home folder is created.
- In the Properties dialog box for the user account, click the Account tab.
- Modify the value in the User logon name (pre-Windows 2000) box, and click Apply.
- On the Profile tab, in the Home folder area, examine the home folder path: The home folder name is identical to the new value of User logon name (pre-Windows 2000).
- On your file server, verify that the home folder is renamed.