Managing your personal account
The User Profile Editor section in the Web Interface site for self-administration gives you a convenient way to display and update your own identity information, such as your telephone numbers or mail address in your user account. The contents of the pages in the User Profile Editor section can be customized by the Active Roles administrator, who can add new elements to the pages, modify or remove existing elements, and regroup related elements on different tabbed pages.
To view or modify your user account
- In your Web browser, go to the address (URL) of the Web Interface site for self-administration.
By default, the address is http://<server>/ARWebSelfService where <server> stands for the name of the server running the Web Interface.
- On the Web Interface Home page, click User Profile Editor.
- Use the page provided by the Web Interface to view or modify your user account.
- Click the Save button to apply your changes.
It’s up to the Active Roles administrator to determine what information you are authorized to view or modify on the User Profile Editor page. Some fields on the page might not be editable. The fields that you are not permitted to modify appear on the page as read-only text. The properties that you are not permitted to view are not displayed on the User Profile Editor page.
Managing Active Directory objects
The Directory Management section of the Web Interface allows you to browse for, and administer, directory objects in your organization. You can navigate through containers in the directory; view, filter and select objects held in the container; and apply commands to the selected object or container.
Whether you can perform a certain management task depends upon permissions granted to your user account, and the Web Interface customization settings.
A general procedure for performing a Directory Management task is as follows.
To perform a management task
- On the Navigation bar, click Directory Management.
- On the Views tab in the Browse pane, click one of the following:
- To manage objects in Active Directory containers, such as domains or organizational units, click Active Directory. This displays a list of Active Directory domains.
- To manage directory objects in a certain Managed Unit, click Managed Units. This displays a list of Managed Units.
- In the list of objects, do one of the following:
- To navigate to a container, such as an organizational unit, click the name of that container.
- To perform a command that applies to the current container, click that command in the Command pane under the name of the current container.
- To perform a command on a particular object held in the current container, select the check box next to the name of that object, and then click the command in the top area of the Command pane, under the name of the object.
- To perform a command on two or more objects at a time, select the check box next to the name of each object, and then click the command in the top area of the Command pane.
NOTE: In the list of objects, clicking the name of a leaf object such as a user or group, displays a page where you can view or modify object properties; clicking a container object such as a domain or an organizational unit, displays a list of objects held in that container.
When you perform a management tasks, the Web Interface supplements and restricts your input based on policies and permissions defined in Active Roles. The Web Interface displays the data generated by policies, and prevents the input of data that would cause policy violations. The following rules apply:
- If a policy requires that a value be specified for a particular property, the name of the field for that property is marked with an asterisk (*).
- If a policy imposes any restrictions on a property, an information icon is displayed next to the name of the field for that property. Click the icon to view policy information, which you can use to enter an acceptable value.
- When you specify a property value that violates a policy, and click Save, the Web Interface displays an error message. Review the error message and correct your input.
- Pages for object creation must include the entries for all required properties. Otherwise, the Web Interface fails to create the object. For information on how to configure forms, see “Configuring forms” in the Active Roles Web Interface Administration Guide.
- Object property pages display the values of the properties for which you have the Read permission. You can modify only those properties for which you have the Write permission. The properties for which you only have the Read permission are displayed as read-only.
- The Command pane includes only the commands that you are permitted to use.
- The list of objects includes only the objects that you are permitted to view.
In the Web Interface, you can select multiple objects (such as users, groups and computers), and then apply a certain command to your selection of objects. This allows you to perform a batch operation on all the selected objects at a time instead of executing the command on each object separately. The Web Interface supports the following batch operations:
- Delete Allows you to delete multiple objects at a time.
- Deprovision Allows you to deprovision multiple users or groups at a time.
- Move Allows you to move a batch of objects to a different organizational unit or container.
- Add to groups Allows you to add a batch of objects to one or more groups of your choice.
- Update object attributes Allows you to perform bulk attributes operations on multiple users at a time.
- Reset Password Allows you to reset the password for multiple users at a time.
Batch operations are available in the list of objects on the following Web Interface pages:
- Search This page lists the search results when you perform a search.
- View Contents This page displays the objects held in a given organizational unit, Managed Unit, or container.
To perform a batch operation, select the check box next to the name of each of the desired objects in the list, and then click a command in the top area of the Command pane. This executes the command on each object within your selection.
NOTE: Active Roles administrators can customize Web Interface by adding and removing commands, and modifying pages associated with commands. For more information, see “Customizing the Web Interface” in the Active Roles Web Interface Administration Guide.
Example 1: Enabling a user account
This topic demonstrates how to enable a disabled user account by using the Web Interface.
To enable a disabled user account
- Locate the user account you want to enable. For instructions on how to locate objects in the Web Interface, see Locating directory objects earlier in this document.
- In the list of objects, select the user account you want to enable.
- In the Command pane, click Enable Account.
NOTE: If the user account is not disabled, the Command pane includes the Disable Account command instead of the Enable Account command.