Manualshelf

Installation manual

ManualsBrandsSharp ManualsBusiness equipmentMX-M283
12345678910
TECHNICAL TIP TT- 20352
5 OF 46
The following tutorial details these procedures using two different examples and demonstrates how to
fully leverage the built in features of Sharp MFPs without the need of additional software or hardware.
Example Setups of MFP User Control Integrated with Active Directory
Example 1 – Using Attributes from the Telephone Tab of the AD User
In this scenario, a fictitious company (Testers Inc.) is hosted by a single domain controller (Exch2010)
with a domain name of TESTDOMAIN.COM. All users except the administrator are members of the
TESTUSERS organizational unit within the domain. A new Sharp MX-5001N has been placed and the
company has certain requirements for its employees to use it.
The company wants to have all users log into MFP with their network credentials to restrict usage of the
MFP. Each user in the organization has a department and job title assigned within active directory.
Currently, there are 3 departments (Advertising, Production and Temporary Workers) and 3 job titles
(Manger, Staff and Temporary). Department Managers are to have full and unrestricted access to all
features of the MFP. Staff members in the Advertising department will have full access to the features
of the MFP but color output for printing and copying will be limited. Staff members in the Production
department will be restricted to black and white printing and copying but can scan in color. For security
purposes, temporary workers are not allowed to use any functions of the MFP even though they have
network accounts. Users not assigned a job title or department are also denied access to the MFP.
In addition, some employees speak Russian and others speak Spanish as their first languages. The
company wants these employees to be able to see the MFP display instructions in their native
languages if they request it.
In this example, unique user rather than organizational attributes are used as these are private values
rarely assigned by domain administrators to users. Follow the instructions in the example below to
obtain the company’s goal.
1. Determine Active Directory User Attributes to use as field values.
NOTE: This step should be completed by the network administrator
Each user object in Windows Active Directory has a number of attributes contained in it such as
login name and password. Many (but not all) of these attributes can be viewed using the Windows
Active Directory Computer and User administrative tool on a domain server. All attributes can be
viewed and edited by the ADSIEdit.mcs (Active Directory Services Interface Editor) Snapin tool
available for download from Microsoft®.
In this example, commonly unused attributes that can be viewed and edited with the Windows
Active Directory Computer and User administrative tool are shown below for the Telephones tab.
NOTE: Not all attributes need to be on the same tab but it is more convenient for editing.