EV Reach Console - Administration and Diagnostics - Managing Active Directory Objects

Last modified on 2023/07/12 14:02
Contents

The EV Reach console offers an Active Directory management tool which enables operators to search, and manage Microsoft Active Directory objects.

Note: If EV Reach is installed on a stand-alone machine, or if multiple active directory forests exist, you can configure EV Reach to bind to individual AD forests using the  AD Forest Selector.

Managing Active Directory Objects

Creating Accounts & Groups

You can create organizational units, user, machine or group accounts from within the Network Browser panel or from within the object view currently opened.

  1. Click on the Add New button in the Controls Bar and select the account type to create.

    image10-4.png

Note: If you are in the Object View, you can only create an object of the view type selected.

2. The  New Object Wizard starts to prompt you for the object information. Go through the wizard and enter the necessary information to create the new object.

Moving Objects

You can move any type of Active Directory objects, including entire OUs.

  1. Select one or more objects from the view (to select multiple objects, use the Ctrl or Shift keys).
  2. Right-click on the mouse and select the Account Management > Move... command.
  3. Select the destination container and click on OK.

Renaming Objects

In The Network Browser View

To rename or change the description of an organizational unit, select it and single click within the field to be edited or press the F2 key. This activates in-place editing of the field. Change the string within the field and press the Enter key or click outside of the edit field to validate the change.

In The Network Browser View

To rename an account or modify its information, select it and single click within the field to be edited or press the F2 key. This activates in-place editing of the field. Change the string within the field and press the Enter key or click outside of the edit field to validate the change. You can also right click on the mouse and select Rename or Edit from the context sensitive menu.

Note: You can also rename computer accounts - see: System Information.

Deleting Objects

  1. Select one or more objects from the view (to select multiple objects, use the Ctrl or Shift keys).
  2. Right-click on the mouse and select the Account Management  > Delete command.
  3. Click on OK.

Modifying Account Settings

You can modify the settings of user accounts, machine accounts and groups. This can only be done from within the Object View.

User Account Settings

In the Users View, double click on the object, then double click on Account Information,  right-click the user and select Account Management > Properties

See Find out more

Computer Account Settings

In the Computers View, right-click on a computer object and select Account Management > Account Information, or open the System Information window of the computer and click on the view domain account properties link under the Network Settings category.

See Find out more

Group Account Settings

In the Groups View, double click on a group object to open its account information window.

See Find out more

Managing Domain Account Policy

To open the Domain Policy window of a domain, click on the Account Policy button of the ribbon bar. In the Network Browser View, you can also right click on a domain object and select View Domain Account Policy.

image11-4.png

The available policy sets are:

  1. Account Password Policy (determines settings for passwords such as enforcement and lifetimes)
  2. Account Lockout Policy (determines when and for whom an account will be locked out of the system)

To modify a policy setting, click on its value in the right column. Remember that the changes will apply to all accounts in the domain.

Managing Multiple AD Domains or Forests

If EV Reach doesn't automatically detects the Active Directory forest that you wish to manage, you can manually configure EV Reach to point to it using the Active Directory Forest Selector.

Configuring an AD Forest

  1. Open the EV Reach Operator Console and click on the Active Directory Forest Selector button located at the top right corner of the application.
  2. Click on the Add / Remove Forest option to open the Forest Selection Manager.
  3. Click on the Add button and enter the name or IP address of a Global Catalog server which belongs to the forest to be added, then press the Enter key. EV Reach automatically queries this server and displays the name of the root domain.

    image16-4.png

  4. If prompted, enter the credentials to use in order to connect to the global catalog server. You should enter an account which holds sufficient privileges to at least query active directory information.
  5. Repeat step 3 for each Forest to be added.
  6. Close the Forest Selection Manager.

Setting Focus to an AD Forest

Once you have configured the forests in the Forest Manager, use the Active Directory Forest Selector menu to switch from one Forest to another. Please note that switching to a new forest will reset all views.

image17-4.png

What is Server-Less Binding?

Server-less binding is the act of querying Active Directory without specifying a server. If no server is specified, the registered Active Directory provider of your machine automatically selects a global catalog server from the forest your machine belongs to. This is the default behavior EV Reach adopts.

Once you have configured one or more forests, the Forest Selector toolbar automatically displays the << serverless binding>> entry. Select this entry to resume the original EV Reach behavior.

Note: Server-less binding will not work if your machine doesn't belong to an active directory domain.

Configuring Active Directory Credentials

It is recommended to configure domain credentials for EV Reach to use when querying and managing objects from the selected AD forests.

To do so, open the EV Reach Alternate Credential Manager, and configure domain wide credentials.

Tags:
Powered by XWiki © EasyVista 2022