Reference Guide

Security Management Server - AdminHelp v9.8
49
3. In the Add Users by Domain dialog, select a domain from the pull-down list.
4. In the Full name field, enter the exact text for the user name or use the wildcard character (*). For
best results, use non-wild card characters at the beginning of the filter (e.g., User* instead of *ser).
5. Select Common Name, Universal Principal Name, or sAMAccountName from the pull-down list.
A Common Name, Universal Principal Name, and sAMAccountName must be defined in the enterprise
directory server for every user. If a user is a member of a Domain or Group but does not appear in
the Domain or Group Members list in the Remote Management Console, ensure that all three names
are properly defined for the user in the enterprise directory server.
6. Click Search. Depending on the size, this may take a few minutes to populate.
If the query is too large, a dialog prompts you to revise the query.
7. Select users from the directory user list to add to the Domain. The user names are added to the
field below the list.
8. Click X to remove the user name from the field or click Add.
Remove Users
In general, a user cannot be removed in the Remote Management Console. Instead, you must remove the
user from Active Directory.
Find Users
1. In the left pane, click Populations > Users.
2. Do one of these:
Enter the user name or a filter in the Search field and click the search icon.
Note: To search, you can enter Common Name, Universal Principal Name, or
sAMAccountName. You can use the wildcard character (*) but it is not needed at the beginning
or end of the text.
Scroll through the User Name list.
3. Click a link in the User Name column.
The User Detail page opens, displaying the Security Policies tab.
Deactivate/Suspend Users
If the user you are deactivating is no longer associated with your organization, be sure to publish appropriate
Current Shield State policy with a value other than Activate, and ensure that the policy commit is complete
and successful prior to removing the user from your enterprise directory server. The user does not need to
be in your enterprise directory server, but the Policy Proxy does need to deliver the policy to their device in
order for it to take effect.
Best Practice - Deleting users from the enterprise directory server is not recommended. If a user leaves the
organization, the account should be moved to a disabled group. With that said, if a deletion occurs, the user
is simply marked “removed” in the Security Management Server, rather than deleted. The user will not
display in the Remote Management Console, but their keys and other information are still available in the
database.