Users Guide
b. Select the check boxes corresponding to the groups to be imported, and then click the >> or << buttons to add or remove the
groups.
4. In the Groups to be Imported section:
a. Select the check boxes of the groups, and then select a role from the Assign Group Role drop-down menu. For more information
about the role-based access, see Role-based OpenManage Enterprise user privileges on page 14.
b. Click Assign.
The users in the group under the selected directory service are assigned the selected user roles.
5. Repeat steps 3 and 4, if necessary.
6. Click Import.
The directory groups are imported and displayed in the Users list. However, all users in those groups will log in to OpenManage
Enterprise by using their domain username and credentials.
It is possible for a domain user, for example john_smith, to be a member of multiple directory groups, and also for those groups to be
assigned different roles. In this case, the user will receive the highest level role for all the directory groups the user is a member of.
• Example 1: The user is a member of three groups with admin, DM, and viewer roles. In this case, the user becomes an administrator.
• Example 2: The user is a member of three DM groups and a viewer group. In this case, the user will become a DM with access to the
union of device groups across the three DM roles.
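The role-resolution rule above, modelled for auditing who ends up with which privilege. This is an added example, not code from OpenManage Enterprise or its documentation. The group names, device groups, and the users other than john_smith are constructed, and the ranking admin > DM > viewer is inferred from the two examples.

```python
from dataclasses import dataclass

# Role precedence inferred from Example 1 and Example 2 (assumption).
ROLE_RANK = {"admin": 3, "DM": 2, "viewer": 1}

@dataclass(frozen=True)
class ImportedGroup:
    name: str
    role: str                               # role assigned at import time
    device_groups: frozenset = frozenset()  # scope; used here only for DM groups

def effective_access(user_groups, imported):
    """Return (role, scope) for the directory groups a user belongs to.

    scope is the union of device groups over the user's DM groups when the
    effective role is DM, and None otherwise (the text above describes
    scope only for the DM case).
    """
    matched = [imported[g] for g in user_groups if g in imported]
    if not matched:
        return None, None                   # no imported group: no access modelled
    role = max((g.role for g in matched), key=ROLE_RANK.__getitem__)
    if role != "DM":
        return role, None
    scope = frozenset().union(*(g.device_groups for g in matched if g.role == "DM"))
    return role, scope

def mixed_role_users(memberships, imported):
    """Users whose groups carry different roles, mapped to the role that wins."""
    result = {}
    for user, groups in memberships.items():
        roles = {imported[g].role for g in groups if g in imported}
        if len(roles) > 1:
            result[user] = effective_access(groups, imported)[0]
    return result

# Constructed sample data mirroring Example 1 and Example 2.
IMPORTED = {g.name: g for g in (
    ImportedGroup("OME-Admins", "admin"),
    ImportedGroup("Rack-A-Ops", "DM", frozenset({"Rack A"})),
    ImportedGroup("Rack-B-Ops", "DM", frozenset({"Rack B"})),
    ImportedGroup("Storage-Ops", "DM", frozenset({"Storage"})),
    ImportedGroup("Auditors", "viewer"),
)}
MEMBERSHIPS = {
    "john_smith": ["OME-Admins", "Rack-A-Ops", "Auditors"],                 # Example 1
    "jane_doe": ["Rack-A-Ops", "Rack-B-Ops", "Storage-Ops", "Auditors"],    # Example 2
    "sam_lee": ["Auditors"],
}
```

Running mixed_role_users over an export of directory memberships before clicking Import shows which accounts will be raised above the role of one of their groups.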
Add or edit Active Directory groups to be used with Directory Services
1. Click Application Settings > Users > Directory Services, and then click Add.
2. In the Connect to Directory Service dialog box, by default, AD is selected to indicate that the directory type is Active Directory (AD):
NOTE: To create an LDAP user group by using Directory Services, see Add or edit Lightweight Directory Access Protocol groups to be used with Directory Services on page 136.
a. Enter a desired name for the AD directory.
b. Select the Domain Controller Lookup method:
• DNS: In the Method box, enter the domain name to query DNS for the domain controllers.
• Manual: In the Method box, enter the FQDN or the IP address of the domain controller. To specify multiple servers, use a
comma-separated list; a maximum of three servers is supported.
c. In the Group Domain box, enter the group domain as suggested in the tool tip syntax.
3. In the Advanced Options section:
a. By default, Global Catalog Address port number 3269 is populated. For the Domain Controller Access, enter 636 as the port
number.
NOTE: Only LDAPS ports are supported.
b. Enter the network timeout and search timeout duration in seconds. The maximum timeout duration supported is 300 seconds.
c. To upload an SSL certificate, select Certificate Validation and click Select a file. The certificate should be a Root CA Certificate
encoded in Base64 format.
The Test connection tab is displayed.
4. Click Test connection.
5. In the dialog box, enter the username and password of the domain to be connected to.
NOTE: The username must be entered in either the UPN (username@domain) or in the NetBIOS (domain\username) format.
6. Click Test connection.
In the Directory Service Information dialog box, a message is displayed to indicate successful connection.
7. Click Ok.
8. Click Finish.
A job is created and run to add the requested directory in the Directory Services list.
1. In the DIRECTORY NAME column, select the directory. The Directory Service properties are displayed in the right pane.
2. Click Edit.
3. In the Connect to Directory Service dialog box, edit the data and click Finish. The data is updated and saved.
Managing OpenManage Enterprise appliance settings