Manage Microsoft Active Directory with Mobile Admin

This section provides information about how to use the Mobile Admin Client to manage Microsoft® Active Directory®.

The procedures in this section assume that you are logged into Mobile Admin and that you have selected an Active Directory server to manage from your server list.

Detection

Microsoft Active Directory is detected by a successful retrieval of the "configuration naming context" from the RootDSE using LDAP (Lightweight Directory Access Protocol). The detection process will use the Mobile Admin login credentials, or the credentials specified after a "Change Credentials" action has been taken.

Authentication

You can use either your Mobile Admin login credentials or the credentials specified after a "Change Credentials" action has been taken.

Communication method

The communication method is Lightweight Directory Access Protocol (LDAP).

Troubleshooting

To test Active Directory access, you may use the Active Directory Users and Computers MMC snap-in on the Mobile Admin server.

Browse the Active Directory tree

You can browse the Active Directory tree in Mobile Admin for the server you have selected. To browse an Active Directory tree, click the Active Directory icon on the Mobile Admin Manage Services screen or from a view of a server reached from the Mobile Admin Manage Hosts screen. Mobile Admin will display a list of Active Directory folders.

Manage users

You can manage users with Mobile Admin for the Active Directory server you have selected. To perform the tasks associated with managing users, you must first click the Active Directory icon from the Mobile Admin Manage Services screen or from a view of a server reached from the Mobile Admin Manage Hosts screen.

Create a user

  1. Navigate to the folder where you want to create a new user.
  2. On the menu, click New User. Fill out the fields as required:
    1. First Name – type the given name of the user.
    2. Last Name – type the surname of the user.
    3. Logon Name – type the logon name of the user.
    4. Logon Name (pre-w2k) – type the logon name of the user. This field is mandatory even if the Logon Name above was filled in.
  3. Click Save in the menu or on the New User screen.

View a user and edit user settings

To view a user:

  1. Navigate to the location of the user that you want to view.
  2. Locate and select the user.

To edit user settings:

  1. Follow the procedure to view a user and select the user whose settings you wish to edit.
  2. Edit the following fields as required:
    • First Name – type the first name of the user.
    • Last Name – type the last name of the user.
    • Display Name – type the display name for the user.
    • E-mail – type an email address for the user.
    • Logon Name – type a logon name for the user.
    • Logon Name (pre-w2k) – for use on pre-Windows 2000 computers, type an eight-character logon name for the user.
    • Phone – type a phone number for the user.
    • Address – type a street or post office address for the user.
    • City – type the name of the city or town where the user is located.
    • Postal Code – type the postal code for the user.
    • User must change password at next logon – select or turn ON this option if you want to force the user to change their password the next time they log on.
    • User cannot change password – select or turn ON this option if you want to prevent the user from changing their password.
    • Password never expires – select or turn ON this option if you want to prevent the password from expiring.
    • Account expires end of – enter the date by which this account will expire.
  3. Click Save on the menu or the User Properties screen of the specific user.
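
The options on this form correspond to standard Active Directory attributes, so they can also be reviewed in bulk after an LDAP export. The Python below is an added example, not part of Mobile Admin; the attribute encodings are standard AD schema rather than anything stated on this page, and the sample accounts are constructed. "User cannot change password" is held in the object's ACL and is not decoded here.

```python
from datetime import datetime, timedelta, timezone

# Standard Active Directory attribute encodings (not stated on this page).
UAC_ACCOUNTDISABLE = 0x0002
UAC_DONT_EXPIRE_PASSWORD = 0x10000
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values meaning "never"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(value):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)

def decode_account(entry):
    """Translate raw directory attributes into the options on the edit form."""
    uac = int(entry["userAccountControl"])
    expires = int(entry["accountExpires"])
    return {
        "logon": entry["sAMAccountName"],
        "disabled": bool(uac & UAC_ACCOUNTDISABLE),
        "password_never_expires": bool(uac & UAC_DONT_EXPIRE_PASSWORD),
        # pwdLastSet = 0 is how "must change password at next logon" is stored.
        "must_change_password": int(entry["pwdLastSet"]) == 0,
        "account_expires": None if expires in NEVER_EXPIRES else filetime_to_utc(expires),
    }

def review(entries, now):
    """Return (logon, finding) pairs for enabled accounts worth a second look."""
    findings = []
    for acct in map(decode_account, entries):
        if acct["disabled"]:
            continue
        if acct["password_never_expires"]:
            findings.append((acct["logon"], "password never expires"))
        if acct["account_expires"] and acct["account_expires"] < now:
            findings.append((acct["logon"], "expiry date passed, still enabled"))
    return findings

# Constructed sample records (hypothetical accounts, values as LDAP returns them).
SAMPLE = [
    {"sAMAccountName": "svc-backup", "userAccountControl": "66048",
     "pwdLastSet": "132223104000000000", "accountExpires": "9223372036854775807"},
    {"sAMAccountName": "jdoe", "userAccountControl": "512",
     "pwdLastSet": "0", "accountExpires": "0"},
    {"sAMAccountName": "contractor1", "userAccountControl": "512",
     "pwdLastSet": "132223104000000000", "accountExpires": "132223104000000000"},
    {"sAMAccountName": "old-admin", "userAccountControl": "66050",
     "pwdLastSet": "132223104000000000", "accountExpires": "0"},
]

print(review(SAMPLE, datetime.now(timezone.utc)))
```
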

Reset a user password

  1. Follow the procedure to view a user and select the user whose password you want to reset.
  2. On the menu, click Reset Password.
  3. Complete the following fields:
    • New Password – type a new password for the user.
    • Confirm – type the password a second time to confirm.
    • User must change password at next logon – select (turn ON) or clear (turn OFF) the option as required.
  4. On the menu or the Reset Password screen, click Save.

Add and remove users to and from groups

  1. Follow the procedure to view a user and select the user you want to add to a group.
  2. On the menu, click Member Of.

To add a user:

  1. On the menu, click Add.
  2. In the Name field, type the names of the group(s) to which you want to add the selected user. Separate each group with a comma.
  3. On the menu or the Add Member screen for the user specified, click Add User.

To remove a user:

  1. Scroll to the group from which you want to remove the user.
  2. On the menu, click Remove.
  3. Confirm that you wish to remove the user from the group selected when prompted.

Enable and disable users

Follow the procedure to view a user and select the user you wish to enable or disable.

To disable a user:

  1. On the menu, click Disable. Mobile Admin will prompt you to confirm that you wish to disable the user.

To enable a disabled user:

  1. On the menu, click Enable.

Unlock a user

Use this procedure to unlock a user who has been locked out of their account as a result of too many failed login attempts.

  1. Follow the procedure to view a user and select the user you wish to unlock.
  2. On the menu, click Unlock.
  3. Confirm that you want to unlock the user when prompted by Mobile Admin.

Rename a user

Follow the procedure to view a user and select the user you wish to rename.

  1. On the menu, click Rename.
  2. In the New Name field, type the new name for the user.
  3. On the menu or on the Rename screen, click Save.

Delete a user

Follow the procedure to view a user and view details for the user that you want to delete.

On the menu, click Delete. Confirm that you wish to delete the user when prompted by Mobile Admin.

Edit a user profile

Follow the procedure to view a user and select the user whose profile you want to edit.

  1. On the menu, click Profile.
  2. Edit the following fields as required:
    • Profile path – type a path for the profile.
    • Logon script – type the name of the logon script to use.
    • Home folder drive – select the drive for the home folder.
    • Home folder path – type the path for the home folder on the selected drive.
  3. On the menu or on the Profile screen, click Save.

Manage groups

You can create, edit, and manage groups with Mobile Admin for the Active Directory server you have selected. The first step in managing groups is to click the Active Directory icon on the Mobile Admin Manage Services screen or from a view of a server reached from the Mobile Admin Manage Hosts screen.

Create a group

  1. From the Active Directory screen associated with the selected server, navigate to the folder where you want to create a new group.

  2. On the menu, click New Group.
  3. Complete the following fields:
    • Group Name – if the server is Windows 2000 or later, type a name for the group in this field (maximum eight characters).
    • Group Name (pre-w2k) – if the server is a version from before Windows 2000, type a name for the group if you are working on.
    • Group Type – from the drop-down menu, select one of the five options: Security - Domain local, Security - Global, Distribution - Domain local, Distribution - Global, or Distribution - Universal.
  4. On the menu or the New Group screen, click Save.
  5. Close the message window.
  6. Complete the following fields:
    • Description – type a description of the group.
    • Email – type an email address for the new group.
  7. Click Save.

View and edit groups

  1. Navigate to the folder that contains the group you want to view.
  2. Scroll to and select the group you want to view.
  3. To edit the group, change the following fields as required:
    1. Group Name (pre-w2k) – type a name for the group (maximum eight characters, to be compatible with pre-Windows 2000 systems).
    2. Description – type a description of the group.
    3. Email – type an email address for the new group.
  4. On the menu or the screen associated with the group, click Save.

Rename a group

  1. Follow the procedure to view a group and select the group that you want to rename.
  2. On the menu, click Rename.
  3. In the New Name field, type a new name for the group.
  4. On the menu or the Rename screen, click Save.

Add members to a group

  1. Follow the procedure to view a group and select the group you want to add a user or group to.
  2. On the menu, click Members.
  3. On the menu, click Add.
  4. Perform one of the following three actions, as required.

    If the member you want to add belongs to the domain you are currently in, enter the name of the member in the Name field, and select Add Member.

    If the member you want to add belongs to a different domain with an established trust to the current domain, enter the domain and name of the member in the Name field in the format domain\name, then select Add Member.

    If you want to search for the member in different domains with an established trust to the current domain:

    1. Enter the name of the member in the Name field and select Add Member.
    2. Select a domain from the list.
    3. From the list, select the member you want to add.
    4. Select Add Member from the menu or from the Add Member screen.

Remove a user from a group

  1. Follow the procedure to view a group and select the group from which you want to remove a user.
  2. On the menu, click Members.
  3. Scroll to the user or group that you want to remove from the group.
  4. On the menu, click Remove.
  5. Confirm that you want to remove the user from the group when prompted by Mobile Admin.

Create a new group e-mail address

The Task Exchange icon will only appear for users who are operating Microsoft Exchange 2000 or 2003. Newer versions of Microsoft Exchange have a separate icon labelled Exchange Management Console that controls the e-mail functions listed below. You can find this icon on the Mobile Admin Manage Services screen or on a view of a server reached from the Mobile Admin Manage Hosts screen.

  1. Follow the procedure to view a group and select the group that you want to create a new e-mail address for.
  2. On the menu, click Exchange Tasks.
  3. On the menu, click Establish E-mail Addresses.
  4. Complete the following fields:
    • Alias – type an email alias for the email address
    • Associated Administrative Group – select the administrative group that you want the email address to belong to
  5. On the menu or on the New Group E-mail Address screen, click Create.

Add and delete a group e-mail address

  1. Follow the procedure to view a group and select the group that you want to add an e-mail address to.
  2. On the menu, click Exchange Tasks.
  3. On the menu, click E-mail Addresses.
  4. On the menu, click New.
  5. In the E-mail field, type the email address that you want to add for the group.
  6. On the menu, click Add.

Set a primary group e-mail address

  1. Follow the procedure to view a group and select the group that you want to set a primary e-mail address for.
  2. On the menu, click Exchange Tasks.
  3. On the menu, click E-mail Addresses.
  4. Scroll to the email address that you want to set as the group’s primary address.
  5. On the menu, click Set As Primary.

Delete a group e-mail address

  1. Follow the procedure to view a group and select the group from which you want to delete an e-mail address.
  2. On the menu, click Exchange Tasks.
  3. On the menu, click E-mail Addresses.
  4. Scroll to and select the email address that you want to delete.
  5. On the menu, click Remove.
  6. Confirm that you wish to delete this e-mail address when prompted.

Delete a group

  1. Navigate to the folder that contains the group that you want to delete.
  2. Scroll to the group that you want to delete.
  3. On the menu, click Delete.
  4. Confirm that you want to delete the group when prompted by Mobile Admin.

Create an organizational unit

  1. Navigate to the folder where you want to create a new organizational unit.
  2. On the menu, click New Organizational Unit.
  3. In the Name field, type a name for the new organizational unit.
  4. On the menu or in the New Organizational Unit screen, click Save.

Receive notifications of locked accounts

Mobile Admin allows you to receive Dashboard notifications if an account has been locked for any reason. To subscribe to receive notifications of locked accounts:

  1. From the menu, select Locked Accounts. Mobile Admin will display a list of accounts locked within the past fourteen days. To view a list of all locked accounts, select Show All Locked from the menu.
  2. Click Subscribe to this feed.
  3. Fill in the fields as required:
    • Feed Name – enter the name of the feed you are subscribing to (e.g. "hostname Locked in the Past 14 Days").
    • If you desire, enter the optional Contact Phone and Contact URL information.
  4. From the menu or the Subscribe to a new feed screen, select Subscribe.

    You will now receive notifications if accounts become locked.

Manage computers

Mobile Admin allows you to add and delete computers for the Active Directory server you have selected. The first step in managing computers is to view the computers. To view computers, first click the Active Directory icon on the Mobile Admin Manage Services screen or from a view of a server reached from the Mobile Admin Manage Hosts screen. Scroll to and select the Computers folder. To view the properties of a specific computer, scroll to it and select it.

Add a computer

  1. From the Active Directory screen or the Computers screen, select New Computer from the menu.
  2. Fill in the following fields as required:
    • Computer Name – for servers running a version of Windows 2000 or later, type the name of the computer being added.
    • Computer Name (pre-w2k) – for servers running a pre-2000 version of Windows, type the name of the computer being added.
  3. Select or turn ON/OFF the Assign backup dc and Managed Computer options as required.
  4. On the menu or New Computer screen, click Save.

    If you selected or turned ON the Managed Computer option, you will be prompted to enter the 32-digit hexadecimal Computer GUID (Global Unique Identifier) in the format xxxxxxxxxxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx. You will also be given the Any Remote Installation Server option.

  5. Select OK.

Delete a computer

  1. Follow the procedure to view computers and select the computer that you want to delete.
  2. On the menu, click Delete.
  3. Confirm that you wish to delete the computer when prompted by Mobile Admin.