Chat now with support
Chat with Support

Active Roles 8.1.2 - Console User Guide

Introduction Getting started User or service account management Group management Computer account management Organizational Unit management Contact management Exchange recipient management

Blocking and unblocking a user account

To prevent a particular user from logging on, you can block the user account as a security measure instead of deleting it. You can block and unblock Active Directory user accounts with the Active Roles Console.

To block a user account

  1. In the Console tree, locate and select the folder that contains the user account you want to block.

  2. In the details pane, right-click the user account and click Disable Account.

NOTE: Consider the following when blocking a user account:

  • To prevent particular users from logging on for security reasons, the administrator can block user accounts instead of deleting user accounts.

  • The Disable Account command appears if the account is enabled and thus can be used for login; otherwise, the Enable Account command appears on the menu. By using the Enable Account command the administrator can change the status of the blocked account to allow the user to log in with that account.

  • To locate user accounts for blocking, use the Find function of Active Roles. Once you found the users, block them by selecting the accounts in the list of search results, right-clicking the selection, and clicking Disable.

  • Since the Copy function ensures that the copy of a user account belongs to the same groups as the original user account, you can create a blocked user account that belongs to certain groups, then make copies of that account to simplify the creation of user accounts with common group memberships.

You can unblock a blocked user account with the Active Roles Console. The Enable Account command only appears for deactivated accounts, marked with the icon.

To unblock a blocked user account

  1. In the Console tree, locate and select the folder that contains the user account you want to unblock.

  2. In the details pane, right-click the user account and click Enable Account.

NOTE: Consider the following when unblocking a user account:

  • The Enable Account command appears if the account is blocked and cannot be used for login; otherwise, the Disable Account command appears in the menu. To prevent particular users from logging in for security reasons, block user accounts with the Disable Account command.

  • To locate user accounts for unblocking, use the Find function of Active Roles. Once you found the users, unblock them by selecting the accounts in the list of search results, right-clicking the selection, and clicking Enable Account.

Resetting a user password

You can reset the password of a Active Directory user account with the Active Roles Console.

To reset a user password

  1. In the Console tree, locate and select the folder that contains the user account whose password you want to reset.

  2. In the details pane, right-click the user account whose password you want to reset, then click Reset Password to display the Reset Password dialog.

  3. Type and confirm the password, or click the button next to the New password box to have Active Roles generate a password.

    Figure 8: Reset Password

  4. Configure the available password options with the appropriate check boxes. For example, if your organization requires users to change the reset password during their next login, select User must change password at next logon.

  5. When finished, click OK.

NOTE: Consider the following when resetting a user password:

  • To spell out the specified or auto-generated password, click the Spell out password button.

  • Services that are authenticated with a user account must be reset if the password for the service’s user account is changed.

  • To locate the user account whose password you want to reset, use the Find function of Active Roles. Once you found the user account, reset its password by selecting it in the list of search results, right-clicking it, and clicking Reset Password.

Adding a user account to a group

You can add Active Directory user accounts to a group with the Active Roles Console.

To add a user account to a group

  1. In the Console tree, locate and select the folder that contains the user account you want to add to a group.

  2. In the details pane, right-click the user account, then click Add to a Group.

  3. Use the Select Objects dialog to locate and select the group to which you want to add the user account (you can select more than one group).

NOTE: Consider the following when adding an object to a group:

  • In the Select Objects dialog, you can select groups from the list or type group names, separating them with semicolons. Click Check Names to verify the names you type. If Active Roles cannot find a group, it prompts you to correct the name.

  • You can add multiple objects to a group at a time: Select the objects, right-click the selection, and click Add to a Group. To select multiple objects, press and hold down Ctrl, then click each object.

    When you select multiple objects, the Member Of tab lists the groups to which all the selected objects belong. If one of the objects does not belong to a given group, that group does not appear in the list.

  • You can also add or remove objects from groups by using the Properties dialog: Select one or more objects, right-click the selection, click Properties, and go to the Member Of tab in the Properties dialog.

  • On the Member Of tab, you can manage groups directly from the list of groups. To manage a group, right-click it, and use commands on the shortcut menu.

  • The Member Of tab lists the groups to which the object belongs. If the Show nested groups check box is selected, the list also includes the groups to which the object belongs owing to group nesting.

  • You can also add the object to groups by clicking Add on the Member Of tab. This displays the Select Objects dialog, allowing you to select the groups to which you want to add the object.

  • The Temporal Membership Settings button can be used to specify the date and time when the object should be added or removed from the selected groups. For more information about this feature, see Using temporal group memberships.

  • By adding an object to a group, you can assign permissions to all of the objects in that group and filter Group Policy settings on all objects in that group.

  • To locate objects you want to add to a certain group, use the Find function of Active Roles. Once you found the objects, select the accounts in the list of search results, right-click the selection, and click Add to a Group.

Figure 9: Adding user accounts to groups

Removing a user account from a group

You can remove user accounts from Active Directory groups with the Active Roles Console.

To remove a user account from a group

  1. In the Console tree, locate and select the folder that contains the user account you want to remove from a group.

  2. In the details pane, right-click the user account, then click Properties.

  3. On the Member Of tab in the Properties dialog, clear the Show nested groups check box, select the group from which you want to remove the user account, and click Remove.

NOTE: Consider the following when removing an object from a group:

  • If you have not cleared the Show nested groups check box, the list on the Member Of tab also includes the groups to which the object belongs indirectly, that is, because of group nesting. If you select such a group from the list, the Remove button is unavailable. An object can be removed only from those groups of which the object is a direct member.

  • You cannot remove objects from their primary groups. Instead, you can change the primary group of an object. To do so, on the Member Of tab, select a different group from the list, then click Set Primary Group.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating