| a) | Active Directory Server | URL address of Active Directory (AD) server. |
| b) | Connectivity | Shows health of connection to AD server |
| c) | Last Scan | Date of last AD scan. |
| d) | Next Scan | Date of next AD scan scheduled. |
AD scan is initiated by clicking the Scan Now button. Once scan is complete, hierarchy of accounts / groups / devices in organization as described in Active Directory will be shown.
Items that are gray in color indicate these are not defined in AD but are defined only in .
To see devices in a group, double click the group in the list. A popup will show all devices in that group.
Ever account / group / device can be put to Accept / Reject state to choose whether it should be imported to . Upon setting an item to Reject state, a pop-up will prompt the user whether it should be added to Exclude List. Refer below table:
| Accept | Yes | Yes |
| Reject | No | Yes |
| Add to Exclude List | No | No |
If an account is set to Reject , all groups and devices under it will be set to Reject as well.
If a group is set to Reject , all devices under it will be set to Reject as well.
Once done setting Accept / Reject as required, click Save Changes to start import to .
Select the preferred scanner from drop-down menu:
| a) |
Run scan from server |
Use when it is okay to have AD server credentials provided to . This will enable server to scan the AD and fetch hierarchy information. |
| b) |
Designate agent to perform active directory scan |
For an AD, if any of its endpoint devices has a agent already installed in it, select that endpoint device from the drop-down menu. After filing in AD credentials (explained in later sections), the agent in the device selected will scan the AD and fetch hierarchy information. |
| c) |
Setup new agent to perform active directory scan |
For an AD, if none of its endpoint devices have agent installed, you may download agent for any particular account, or for All Accounts from the drop-down list (in this latter case, zip file containing agent installer for each account will be downloaded). A minimum of one agent has to be installed. After filing in AD credentials (explained in later sections), the agent in the device selected will scan the AD and fetch hierarchy information. |
| a) | Server URL |
AD server address that should contact. |
| b) | Connection type |
If SSL is selected, SSL Certificate has to be provided. Additionally, you may choose to verify SSL certificate while attempts to connect to AD server. If No SSL is selected, you do not have to provide SSL Certificate and consequently option to verify SSL certificate will be absent. |
| c) | Certificate |
SSL certificate to use when attempts to connect to AD server. |
| d) | verify SSL |
When selected, the SSL Certificate will be verified to be valid while attempts to connect to AD server. Only if it is valid, will the connection to AD server will be setup. |
| e) | User Name | Username to use while setting up AD server connection. |
| f) | Password | Password string to use while setting up AD server connection. |
can do scheduled AD scan and use the results to present changes in the Domain Server to administrator or (if Auto Sync is enabled as shown in later section) automatically import changes in Domain Server about organization hierarchy.
| a) | Daily |
Every day at a specific HH:MM time, an AD scan will be done by . |
| b) | Weekly |
On specific day/s every week, at HH:MM time, an AD scan will be done. |
| c) | Monthly |
On specific day/s of every month, at HH:MM time, an AD scan will be done. |
If Auto sync is enabled, the following steps happen automatically after every AD scan operation:
a) All the edits in AD hierarchy of items will be fetched and used to update accounts / groups / devices relations.
b) Items in Exclude List will not be considered for changes among AD hierarchy and will not be imported.
c) Changes in accounts / groups / devices relations in will not get reflected in AD hierarchy.
This may be done after AD scan is done and organization hierarchy is imported into .
The drop-down lists will show the accounts / groups / devices that may be added to Entries in the text boxes maybe removed from as well.
Lists logs of all actions associated with an Active Directory. It will display detailed information such as Job code, Date, Organization, Account, User, and Message. If the audit logs are more, users can apply filters to view specific sections of the logs. Users can filter for Account, Users, Date range, and the number of lines you want to limit the log file.
| Job Code | Events |
|---|---|
| 12000 | Active Directory Management |
| 12001 | Initiate AD Scan |
| 12002 | Create AD Configuration |
| 12003 | Update AD Configuration |
| 12004 | Delete AD Configuration |
| 12005 | Delegate User |
| 12006 | Update Delegated User |
| 12007 | Delete Delegated User |
| 12008 | Apply AD Scan Data Initiated |
| 12009 | Applied AD Scan Data |
| 12010 | Create AD Device |
| 12011 | Remove AD Device |
| 12012 | Move AD Device |
| 12013 | Create AD Group |
| 12014 | Remove AD Group |
| 12015 | Create AD Account |
| 12016 | Remove AD Account |
| 12017 | Save AD Scan Data |
| 12018 | AD Deployment Failure |
| 12019 | Create AD Account Failed |
| 12020 | Remove AD Account Failed |
| 12021 | Create AD Device Failed |
| 12022 | Remove AD Device Failed |
| 12023 | Move AD Device Failed |
| 12024 | Create AD Group Failed |
| 12025 | Remove AD Group Failed |
| 12026 | Rename AD Device |
| 12027 | Rename AD Device Failed |
| 12028 | Rename AD Account |
| 12029 | Rename AD Account Failed |
| 12030 | Rename AD Group |
| 12031 | Rename AD Group Failed |