Identity Manager 8.0.1 - Administration Guide for Connecting to Active Directory

Managing Active Directory Environments Setting up Active Directory Synchronization Base Data for Managing Active Directory Active Directory Domains Active Directory User Accounts Active Directory Contacts Active Directory groups Active Directory Security IDs Active Directory Container Structures Active Directory computer Active Directory Printers Active Directory Locations Reports about Active Directory Objects Appendix: Configuration Parameters for Managing Active Directory Appendix: Default Project Template for Active Directory Appendix: Authentication Modules for Logging into the One Identity Manager

Profile and Home Directories

Table 44: Configuration Parameters for Setting Up User Directories
Configuration parameter Meaning

QER\Person\User\ConnectHomeDir

This configuration parameter specifies whether the home directory should also be mounted when the user logs in.

Enter the data for the user's home and profile directories. Some of the following data for the home directory is automatically preset if the configuration parameter "QER\Person\User\AccessRights\HomeDir" is set. When you enter a profile directory, a new user profile is created through One Identity Manager Service that is loaded over the network when the user logs on.

Enter the following master data on the Profile tab.

Table 45: Master Data for a User Directory
Property Description

Home server

Home server. You can select the home server depending on the number of home directories per home server that already exist (according to the database). If you assigned an account definition, the home server is determined from the current IT operating data for the assigned employee depending on the manage level.

Home share

The share that is stored under the user’s home directory on the home server. Default is HOMES.

Home directory path

Name of the home directory for the user under the home share. By default, the login name (pre Windows 2000) is used to format the home directory path.

Home shared as

Home directory share. This share is formatted using the default home directory path.

Home drive

The drive to be connected when the user logs in. The default domain home drive is used.

Home directory

The user's home directory. The given home directory is automatically added and shared by the One Identity Manager Service.

Size home directory [MB]

Size of the home directory in MB. Find the size of the home directory by running the schedule supplied by default. Configure and enable the schedule "Load size of home folder for user accounts" in the Designer.

Maximum home storage space [MB]

Maximum size for the home directory on the home server in MB.

Profile Server

Profile server. If you assigned an account definition, the profile server is determined from the current IT operating data for the assigned employee depending on the manage level.

Profile share

The share that is stored under the user’s profile directory on the profile server. Default is PROFILES.

Profile shared as

Profile directory share.

Profile directory path

Name of the profile directory for the user under the profile share. By default, the login name (pre Windows 2000) is used to format the profile directory path.

Login script

Name of the login script. If the script is in a subdirectory of the login script path (normally Winnt\Sysvol\domain\scripts), you need enter the subdirectory as well. The given login script is executed when the user logs in.

Related Topics

Active Directory User Account Login Data

Active Directory User Account Login Data

Enter the following master data on the Log in tab.

Table 46: Login Data
Property Description

Last login

Date of last login. The date is read in from the Active Directory system and cannot be changed manually.

Login workstation

Workstation on which the user can log in. A user can log in on all workstations by default.

Select the button next to the input field to activate it and add workstations. Use the button to remove workstations from the list.

Login times

Times and days on which the user is allowed to be logged in. By default, login is permitted at all hours and every day of the week. If a user is logged in, the login is disconnected at the end of the valid login period.

The calendar shows a 7-day week, each box represents one hour. The configured login times are shown in color, respectively. If a box is filled, login is allowed. If the box is empty, login is refused.

To specify login times

  • Select a time period with the mouse or keyboard.
  • Use the Assign button to permit logins at the specified times.
  • Use the Remove button to deny logins at the specified times.
  • Use the Reverse button to invert the selected time period.
  • Use the arrow keys to reset or repeat a selection.

Remote Access Service Dial-in Permissions

Note: Remote Access Service (RAS) are only synchronized and provisioned if the option Enable RAS properties is set.

Allocate remote dial-up permissions for the user account in the network and specify the callback option. The following data can be edited depending on the selected domain mode (mixed or native).

Enter the following master data on the RAS tab.

Table 47: Remote Access Service
Property Description

Dial-up permitted

Specifies whether the user may dial up the network. Permitted values are:

Allow access

This permits the user to dial up the network.

Deny access

With this users are not allowed to dial up the network.

Control access through Remote Access Policy

This data specifies that access to the network is controlled over RAS guidelines. RAS guidelines are usually used to apply the same access permissions to several Active Directory user accounts.

No callback

The callback function is switched off by this option.

Set by caller

The server expects the user to input the number that he can be called back on.

Always callback

The server tries to call the user back over the given number.

Verifying caller ID A predefined number with which the user should dial into the network.
Static IP address Fixed IP address in the network which is assigned to the user.
Static routes with IP address, network address and metric

Target network IP addresses, network addresses and metrics for dialing in over fixed routes.

Related Topics

Connection Data for a Terminal Server

Table 48: Configuration Parameters for Terminal Server Properties
Configuration parameter Active Meaning

QER\Person\User\ConnectHomeDir

This configuration parameter specifies whether the home directory should also be mounted when the user logs in.

Note: Terminal server properties are only synchronized and provisioned if the option Enable terminal server properties is set.

Enter the following data for adding a user profile, which will be made available for logging the Active Directory user account on to a terminal server. A profile directory can be provided, which is available to the user to log on to a terminal server for terminal server sessions. A home directory can be added on the terminal server in the same way.

Enter the following data on the Terminal service tab.

Table 49: Master Data for a Terminal Server
Property Description

Login permitted on terminal server

Specifies whether terminal server login is allowed. Enable this option to allow a user to log on to a terminal server.

Use own configuration

Specifies whether a start up program can be defined. Enable this option to specify a program, which should be started when you log on to the terminal server and enter the program's command line and working directory.

Note: If this data is inherited from the client, disable this option.

Command line

Command line to start the program.

Working directory

Working directory of program to start.

Connect client drives at login Specifies whether client drive connections should automatically be restored when logging into a terminal server.

Connect client printers at login

Specifies whether client printer connections should automatically be restored when logging on to a terminal server.

Client default printer

Specifies whether default printer connections should automatically be restored when logging into a terminal server.

Active session limit [min]

Maximum connection time in minutes. After the time is exceeded the connection to the terminal server is detached or ended.

End disconnected session [min]

Time period in minutes for maintaining a disconnected connection.

Idle session limit [min]

Maximum time without client activity before the connection is detached or ended.

Connect disconnected session from previous client

Specifies whether a disconnected session can be restored from an arbitrary client computer.

End session if connection is interrupted

Specifies whether a session should be returned to a disconnected state if the connection is interrupted.

Enable remote control

This option specifies whether remote monitoring or control is activated for this session.

Get permission of user

You specify whether permission needs to be obtained for the user to monitor the session.

Display user session

Specifies whether to monitor the user session

Interact with session

Specifies whether the person monitoring can input data into the session over the keyboard or the mouse.

Profile Server

Profile server. If you assigned an account definition, the profile server is determined from the current IT operating data for the assigned employee depending on the manage level.

Profile share

The share that is stored under the user’s profile directory on the profile server. Default is TPROFILES.

Profile directory path

Name of the profile directory for the user under the profile share. By default, the login name (pre Windows 2000) is used to format the profile directory path.

Profile path

The full path to the user’s profile directory.

Home server

Home server. If you assigned an account definition, the profile server is determined from the current IT operating data for the assigned employee depending on the manage level.

Home share

The share that is stored under the user’s home directory on the home server. Default is THOMES.

Home directory path

Name of the home directory for the user under the home share. By default, the login name (pre Windows 2000) is used to format the home directory path.

Shared as

Home directory share. This share is formatted using the default home directory path.

Home drive

The drive to be connected when the user logs in. The default domain home drive is used.

Home directory

Home directory. The given home directory is automatically added and shared by the One Identity Manager Service.

Related Topics
Related Documents