Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager 8.1.4 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Setting up Active Directory synchronization Basic data for managing an Active Directory environment
Account definitions for Active Directory user accounts Password policies for Active Directory user accounts Initial password for new Active Directory user accounts Email notifications about login data User account names Target system managers Editing a server
Active Directory domains Active Directory user accounts
Linking user accounts to employees Supported user account types Entering master data for Active Directory user accounts Additional tasks for managing Active Directory user accounts Automatic assignment of employees to Active Directory user accounts Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Disabling Active Directory user accounts Deleting and restoring Active Directory user accounts
Active Directory contacts Active Directory groups
Entering master data for Active Directory groups Validity of group memberships Assigning Active Directory groups to Active Directory user accounts, Active Directory contacts, and Active Directory computers Additional tasks for managing Active Directory groups Deleting Active Directory groups Default solutions for requesting Active Directory groups and group memberships
Active Directory security IDs Active Directory container structures Active Directory computers Active Directory printers Active Directory locations Reports about Active Directory objects Configuration parameters for managing an Active Directory environment Default project template for Active Directory

Assigning Active Directory groups to departments, cost centers and locations

Assign the group to departments, cost centers and locations so that the group can be assigned to user accounts, contacts, and computers through these organizations.

To assign a group to departments, cost centers, or locations (non role-based login)

  1. In the Manager, select the Active Directory | Groups category.

  2. Select the group in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign groups to a department, cost center, or location (role-based login)

  1. In the Manager, select the Organizations | Departments category.

    - OR -

    In the Manager, select the Organizations | Cost centers category.

    - OR -

    In the Manager, select the Organizations | Locations category.

  2. Select the department, cost center, or location in the result list.

  3. Select the Assign Active Directory groups task.

  4. In the Add assignments pane, assign groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .
  5. Save the changes.
Related topics

Assigning Active Directory groups to business roles

Installed modules: Business Roles Module

Assign the group to business roles so that it is assigned to user accounts, contacts, and computers through this business role.

To assign a group to a business role (non role-based login)

  1. In the Manager, select the Active Directory | Groups category.

  2. Select the group in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

To assign groups to a business role (non role-based login)

  1. In the Manager, select the Business roles | <role class> category.

  2. Select the business role in the result list.

  3. Select the Assign Active Directory groups task.

  4. In the Add assignments pane, assign groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .
  5. Save the changes.
Related topics

Assigning Active Directory user accounts directly to Active Directory groups

Groups can be assigned directly or indirectly to user accounts. Indirect assignment is done by allocating the employee and groups into company structures such as departments, cost centers, locations, or business roles. If the employee has a user account in Active Directory, the groups in the role are inherited by this user account.

To react quickly to special requests, you can assign groups directly to user accounts.

To assign a group directly to user accounts

  1. In the Manager, select the Active Directory | Groups category.

  2. Select the group in the result list.

  3. Select the Assign user accounts task.

  4. In Add assignments pane, assign user accounts.

    TIP: In the Remove assignments pane, you can remove assigned user accounts.

    To remove an assignment

    • Select the user account and double-click .
  5. Save the changes.
NOTE: The primary group of a user account is already assigned and is marked as Does not apply yet. Edit the user account's master data to change its primary group.
Related topics

Assigning Active Directory contacts directly to an Active Directory group

Groups can be assigned directly or indirectly to a contact. Indirect assignment is done by allocating the employee and groups into company structures such as departments, cost centers, locations, or business roles. If the employee has a contact in Active Directory, the groups in the role are inherited by this contact.

To react quickly to special requests, you can assign groups directly to contacts.

To assign a group directly to contacts

  1. Select the Active Directory | Groups category.
  2. Select the group in the result list.
  3. Select the Assign contacts task.
  4. In the Add assignments pane, assign the contacts.

    - OR -

    In the Remove assignments pane, remove the contacts.

  5. Save the changes.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating