Active Directory Configuration

uManage works out of the box once it is initially configured. It can easily read attributes from the directory for each user. However it cannot update without some specific configuration on the directory. Luckily the setup is pretty easy and just a matter of delegating permissions to a service account user.

Note: You can use an administrator account to do this as well be we highly recommend following best practice and only doing this for test or development environments. You should delegate access in production.

Delegating User Control

  1. Access one of your Authoritative Domain Controllers.
  2. Open Active Directory Users and Computers Snap-In.
  3. Create a standard user account for a new user.
    1. We use a user called “User Manager” with a username of umanage.
    2. The account can reside anywhere in the directory, OU doesn’t matter.
  4. Right Click on the Domain container and select Delegate Control…
  5. When the Wizard opens click next to skip the welcome page
  6. Add the user you just created.
  7. Select the required delegated tasks.
    1. Select the common task called “Create, Delete and Manage user accounts.”
    2. Select the common task called "Modify the membership of a group."
  8. Click next to display a summary.
  9. Click finish to assign the delegation permissions.
  10. When you setup uManage use the user account you setup in these steps to connect to the domain, this account will perform all of the required updates and changes.

Last edited Aug 9, 2012 at 4:16 PM by rikishipabst, version 1

Comments

No comments yet.