Active Directory User Integration

 

Hyena's Active Directory integration enables any Windows 2000/XP client computer running Hyena to manage new user directory elements.

 

Hyena's Active Directory integration can be customized under Tools->Settings->Active Directory.

 

 

Managing User Properties

 

Hyena uses an LDAP interface for all user administration functions on Windows 2000 users.  Hyena automatically detects whether a user belongs to an Active Directory-enabled domain and, if so, adds several new dialogs to the user properties function, as shown below.

 

 

Address - Includes fields for the user's address

 

Organization - User title, organization, division, etc.

 

Personal - Includes the user's first name, last name, etc.  Also supports displaying and setting the user's photo.  If you use this feature, Microsoft recommends using a .gif or .jpg file (due to their compressed size). Active Directory stores the actual binary picture information, NOT the path to the picture file, and since this information will be replicated, the picture sizes should be small to reduce network traffic.

 

Security - Includes display of the creation and modification date of the user, plus new user account attributes related to security.

 

Notes - User fields for "Notes" and "Comments"

 

Contact - Contains a list of all Active Directory phone numbers, email addresses, and web site URLs.  Unlike MMC applications, these contact points are consolidated into one list box, so that all phone numbers, email addresses, and web URLs are visible at one time.

 

Object - The Object dialog shows internal Active Directory information, such as the GUID, SID, modification and creation dates, and directory path.  The Managed By information is also managed on this dialog.

 

Hyena uses a sophisticated mechanism to only modify Active Directory user fields that have actually been changed, so multiple administrators can safely manage different pieces of the same user properties.  Plus, this feature keeps network traffic to a minimum.
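The sketch below is an added example, not Hyena's code. It illustrates the changed-fields-only idea described above by diffing the attributes read when a dialog opened against the attributes at save time, and contrasts the result with a save that writes every field. The helper names and all sample values are assumptions made for illustration.

```python
# Added example, not Hyena's code. Attribute names are standard AD LDAP
# attributes; all values are constructed.

def build_modlist(loaded, edited):
    """Return modify operations only for attributes whose values changed.

    loaded: attributes as read when the properties dialog opened
    edited: attributes when the administrator saves
    """
    mods = []
    for attr in sorted(set(loaded) | set(edited)):
        old = sorted(loaded.get(attr) or [])
        new = sorted(edited.get(attr) or [])
        if old == new:
            continue  # untouched field: nothing is sent for it
        if not new:
            mods.append(("delete", attr, []))
        elif not old:
            mods.append(("add", attr, new))
        else:
            mods.append(("replace", attr, new))
    return mods

def apply_mods(entry, mods):
    """Apply operations to a dict standing in for the directory entry."""
    result = {k: list(v) for k, v in entry.items()}
    for op, attr, values in mods:
        if op == "delete":
            result.pop(attr, None)
        else:
            result[attr] = list(values)
    return result

# Constructed sample: two administrators open the same user at the same time.
SNAPSHOT = {"title": ["Analyst"], "telephoneNumber": ["555-0100"],
            "department": ["Finance"], "info": ["temp badge"]}
ADMIN_A = dict(SNAPSHOT, title=["Senior Analyst"])                # title only
ADMIN_B = dict(SNAPSHOT, telephoneNumber=["555-0199"], info=[])  # phone, clears notes

def changed_only_result():
    entry = apply_mods(SNAPSHOT, build_modlist(SNAPSHOT, ADMIN_A))
    return apply_mods(entry, build_modlist(SNAPSHOT, ADMIN_B))

def write_everything_result():
    """Saving every field: B's stale copy of title overwrites A's change."""
    entry = dict(ADMIN_A)
    entry.update(ADMIN_B)
    return {k: v for k, v in entry.items() if v}
```

With changed-only writes both administrators' edits survive; with a write-everything save the second save silently reverts the first administrator's title change.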

 

Hyena also will properly rename user objects under Active Directory.  When renaming users, Hyena will first prompt for the new user name directly in its tree or list windows.  After entering the new user name, Hyena will display the Rename User dialog, which has options for renaming the user's full name, and home and profile directory locations.  For Active Directory, Hyena offers additional modification to user elements when renaming users, as well as the proper handling of renaming the Active Directory name.

 

Differences between Windows NT/200x User Management

 

Hyena's user management dialogs for Windows NT user accounts are very similar to the dialogs used to manage Windows Active Directory users, with only a few differences.

 

For Active Directory users, the following differences apply:

Hyena requires entry of the "Directory Name" when an Active Directory domain user is created.   This is the first field on the General user properties dialog.  This name is primarily used internally by Active Directory to construct the full directory path.  We recommend that the directory name be kept reasonably short, and free of punctuation characters.  Here is an example of a full LDAP path, for a user with the directory name of "JohnSmith":

 

        LDAP://alexis.systemtools.com/cn=JohnSmith,cn=Users,dc=systemtools,dc=com
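The recommendation to keep punctuation out of the directory name follows from how the name is embedded in the path: characters such as the comma are structural in a distinguished name. The added example below (not Hyena's code) escapes a directory name per RFC 4514 before building the path and shows what unescaped concatenation does to the path's structure. The function names and the sample names passed in are assumptions; the server and container are taken from the sample path above.

```python
# Added example, not Hyena's code. Escaping follows RFC 4514; escaping "/" is
# specific to ADSI "LDAP://" paths. Server and container are the page's sample
# values; the names passed in are constructed.

RFC4514_SPECIAL = '"+,;<>\\'

def escape_rdn_value(value, adsi_path=False):
    """Escape one RDN value so it cannot alter the structure of the DN."""
    out = []
    for i, ch in enumerate(value):
        if ch in RFC4514_SPECIAL or (adsi_path and ch == "/"):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def user_adspath(directory_name, server="alexis.systemtools.com",
                 container="cn=Users,dc=systemtools,dc=com"):
    rdn = "cn=" + escape_rdn_value(directory_name, adsi_path=True)
    return "LDAP://%s/%s,%s" % (server, rdn, container)

def naive_dn(directory_name, container="cn=Users,dc=systemtools,dc=com"):
    """Unescaped concatenation, shown only for comparison."""
    return "cn=%s,%s" % (directory_name, container)

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas only."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts

def safe_dn(directory_name, container="cn=Users,dc=systemtools,dc=com"):
    return "cn=%s,%s" % (escape_rdn_value(directory_name), container)
```

A name such as "Smith, John" splits into five components when concatenated unescaped, but into the expected four once escaped, which is why scripts and tools that build paths from the directory name need to escape it.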

 

Hyena supports modification of the Pre-Windows 2000 logon name and the Windows 2000 logon name on the user "Account" dialog.  If left blank, the Pre-Windows 2000 logon name will default to the current value of the "Directory Name", which is the first field on the General properties dialog. This is the former "User Name" as used under NT 4.0, and will be used by NT 4.0 users when logging into the Windows 2000/2003 domain.

 

Hyena can also display the user properties for Foreign Security Principal (FSP) objects in an Active Directory-enabled domain.  FSP objects are created when a trust relationship exists between a Windows 2000/2003 domain and a Windows NT domain.  FSPs can be managed by going through the ForeignSecurityPrincipals container in any Active Directory-enabled domain.

 

Other Active Directory Functions

 

Other Active Directory functions available for user accounts include the following (these functions are all available on the Account Functions menu):

 

Shell Properties - Displays the standard shell properties page for the user.

 

Security Properties / List Directory Security - See Managing Active Directory Security for more information on Active Directory security options.

 

Reset Password - Allows resetting the password and password reset options.

 

Disable Account - Disables the user account, preventing any new logon from the user account.

 

Unlock Account - Enables unlocking a previously locked user account.

 

Move - Allows selecting a new container/OU to move the user account into.

 

Add To Group... - Selecting the Add To Group option allows selection of a group to be added to the user's group memberships.  This bypasses the need to perform this operation through the Properties dialog.