PowerCAMPUS Portal and Active Directory


SUNGARD SUMMIT 2007, sungardsummit.com. PowerCAMPUS Portal and Active Directory. Presented by: Chad Sexton, PowerCAMPUS Portal Development. March 21, 2007. A Community of Learning. 1

Overview. SunGard Higher Education's vision for higher education is to help every institution create the Unified Digital Campus (UDC), an environment in which systems, individuals, and communities interact seamlessly for learning, teaching, administration, and achievement. A Portal serves as a very important piece of the UDC because it provides institutions with the ability to unify and manage their core academic, administrative and community web applications in a common platform that ultimately provides a seamless, secure, and personalized atmosphere. 2

Overview. The portal solution chosen by the PowerCAMPUS line of business is Microsoft SharePoint Portal Server 2003 (for Portal 1.1) and Microsoft Office SharePoint Server 2007 (for PowerCAMPUS Portal 2007). With SPS 2003, all non-anonymous access to SharePoint Portal Server sites and areas requires that the user possess an Active Directory account. An important part of the value added to the SharePoint Server solutions the PowerCAMPUS line of business will offer is the automatic provisioning of Active Directory accounts based on pre-existing IQ.Web accounts as well as newly created IQ.Web accounts. The current design has moved from a user-driven method of account provisioning to an administrator-driven method. 3

What's Included: important Active Directory object attributes; Microsoft Management Console (MMC) with ADSI Edit; PowerCAMPUS message sources for Portal/Active Directory messages within the system; IQ.Web administrative pages related to Active Directory; the Portal Settings page in IQ.Web to access Portal/Active Directory settings. 4

What's Included: a Portal Account Maintenance page in IQ.Web titled Portal Unlock Accounts has been added that allows IQ.Web administrators to unlock accounts that have been denied access to enter Active Directory credentials due to failed Active Directory/Network login attempts within IQ.Web. A new Windows Application to access/configure Portal/Active Directory settings. The new application will allow administrators to set up default Domains, Organizational Units, and Groups in Active Directory. Other setups include our proprietary ADConnect process, general settings, and logon and full name formats. A new Windows Service which handles the account provisioning of Active Directory/IQ.Web accounts. 5

Managing the guest/applicant/student lifecycle (diagram actors: User, ADWatcher, Active Directory Domain Controller, SharePoint Server, PowerCAMPUS Database Server, AD Connect, Self-Service Server). 1. User goes to anonymous site. 2. User submits application in Self-Service. 3. Applicant record created. 4. ADWatcher executes applicant view. 5. ADWatcher creates portal account. 6. Self-Service emails user id and password. 7. User enters authenticated Portal site. 8. User views content customized to her role. 6

Managing IQ users who already have AD accounts (diagram actors: User, ADWatcher, Active Directory Domain Controller, SharePoint Server, PowerCAMPUS Database Server, AD Connect, Self-Service Server). 1. User logs in to IQ. 2. User is prompted for AD credentials. 3. AD.Connect validates credentials. 4. Portal Account is mapped to IQ Account. 5. User logs in to Portal. 6. Personal data shows in Web Parts and SSO to IQ is successful. 7

Domains What is a Domain? A domain is logically an organizational grouping of resources allowing central management of those resources. Physically, it is a database containing information about those resources. Domains act as the building block for an Active Directory tree structure. 8

Active Directory and Domains. Root Domain. The first domain created in Active Directory becomes the root domain. The root domain acts as the top of the structure and determines the beginning of the Active Directory namespace. The name of the first domain must match the top level of your desired namespace. After the first domain is created, each subsequent domain is added to the tree somewhere beneath it, so additional domains are always considered children. If our root domain is PowerCAMPUS, then all subsequent domains will follow the naming pattern <new name>.powercampus. Ex. PowerCAMPUS -> Malvern.PowerCAMPUS (DN=Malvern.PowerCAMPUS); PowerCAMPUS -> Rochester.PowerCAMPUS (DN=Rochester.PowerCAMPUS). Domains do act as administrative boundaries in that it is easy to give one administrator control over all resources within a domain, but using domains as the boundary for administrative privileges does not offer great granularity. For that need, Active Directory includes the Organizational Unit (OU) object class. 9

Active Directory Groups Creating Groups Groups in Active Directory are a way to organize individual user or computer accounts. They are typically used for security and distribution purposes. It is recommended that most of your directory management should be done through groups, rather than to individual users or computers. 10

Active Directory Groups. Types of Groups. Security Groups: Security Groups are used to grant permissions to resources. Computers, users, and other groups can be members of a security group. If you wanted to grant users permissions on a share or to a particular machine, for instance, you could create a group, grant that group the appropriate permissions, and then add users (or even other groups) as members of that group. Distribution Groups: Distribution Groups are used for non-security functions, such as e-mail. Distribution Groups cannot be assigned permissions or rights. 11

Active Directory Groups. Scopes of Groups. The scope, or area of influence, for a group can be limited to a single domain, to multiple domains (through trusts), or to the entire network. Domain Local Groups: domain local groups are limited to a single domain. They can be used to grant permissions to resources only within that domain. Global Groups: global groups are used to grant permissions to objects in multiple domains and are visible to all trusted domains. Global groups, though, can have as members only users and groups from within their own domain. Universal Groups: universal groups are similar to global groups in that they can be used to grant permissions across multiple domains. The big difference is that universal groups can contain any combination of user and global group accounts from any trusted domain in the forest. 12

Active Directory Security Groups Active Directory Security Groups 13

Active Directory Security Groups Groups Member Of 14

Active Directory Security Groups Setting up Active Directory Security Groups in Directory Integration 15

Active Directory Organizational Units. An Organizational Unit (OU) object is a container object used to organize the resources in your directory. Organizational Units form logical administrative units that can be used to delegate administrative privileges within a domain. Rather than add another domain to an existing structure, it is often more advantageous to just create another Organizational Unit to organize objects. Organizational Units provide structure within a domain. This structure is hierarchical in nature. Each OU acts as a subdirectory to help administrators organize the various resources described within the directory. Organizational Units should reflect the business structure of your company or organization. One should not create containers just for the sake of structure. If you can't justify a container for either management or user convenience, then you probably don't need that OU. 16

Active Directory Organizational Units. An OU can contain the following types of objects: Users, Groups, Computers, Printers, Applications, Security Policies, File Shares, and Other OUs. * The only object an OU cannot contain is any object from another domain. 17

Active Directory Organizational Units. Why Create Containers? To delegate administrative control, allowing an individual the ability to add, delete, or modify objects in a limited portion of the tree. To ease management by grouping like objects; you might create containers to hold users with similar security requirements. To control the visibility of objects. To make administration more straightforward, assigning permissions once to the OU rather than multiple times for each object. To make administration easier by limiting the number of objects in a single container; even though the limit in a container is large, no one wants to page through a huge list every time they need to view/manage a single object. To be used as a holding container for other OUs. 18

Active Directory Organizational Units Active Directory Containers and Organizational Units 19

Active Directory Organizational Units Sample Structured View of Organizational Units 20

Active Directory Organizational Units Setting up Active Directory Containers in Directory Integration 21

Active Directory Organizational Units ADSI Edit 22

Windows Server 2003 Support Tools. Download the latest version of the Support Tools. To enable the use of the ADSI snap-in module, you will need to go to Microsoft's site to download the latest version, or the version that supports your instance of Windows Server 2003, of the Windows Server 2003 Support Tools. The link below will get the latest Support Tools for Windows Server 2003 SP1. http://www.microsoft.com/downloads/details.aspx?familyid=6EC50B78-8BE1-4E81-B3BE-4E7AC4F0912D&displaylang=en 23

Microsoft Management Console (Install ADSI Edit) Start, Run, mmc 24

Microsoft Management Console Add/Remove Snap-in 25

MMC ADSI Edit Snap-in Adding ADSI Edit Snap-in 26

MMC ADSI Edit Snap-in Adding Active Directory Users and Computers Snap-in 27

MMC ADSI Edit Snap-in Completing addition of snap-ins 28

MMC ADSI Edit Snap-in Viewing addition of Snap-ins 29

MMC ADSI Edit Snap-in Selecting a domain to connect to via ADSI Edit 30

MMC ADSI Edit Snap-in ADSI Edit Connection Settings 31

MMC ADSI Edit Snap-in Tree display in ADSI Edit 32

Active Directory Attributes Logon Name samaccountname Attribute 33

Active Directory Attributes Organizational Unit distinguishedname Attribute 34

Active Directory Attributes. Container distinguishedname Attribute. Jimmy.Page container: CN=Jimmy.Page,OU=Graduate,OU=Students,OU=MyCollege,DC=domain,DC=com 35
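The distinguishedName above encodes the whole path an administrator needs: the object's CN, the chain of OUs (written leaf first, so it reads backwards compared with the tree view), and the domain in DC= form. The following Python is an added example, not code from the presentation or from the PowerCAMPUS product: it parses a DN like the Jimmy.Page one into those parts, rebuilds the DNS domain name from the DC components, and (for the root-domain slide earlier) converts a child-domain DNS name such as Malvern.PowerCAMPUS into its DC= form. The function names, the ParsedDN dataclass and the escaped-comma sample are mine; the Jimmy.Page DN is the one on the slide.

```python
"""Added example: parse an Active Directory distinguishedName (DN) into its parts."""
from dataclasses import dataclass


@dataclass
class ParsedDN:
    cn: str              # leaf object name, e.g. "Jimmy.Page"
    ou_path: list[str]   # OUs from the domain root down to the object's container
    domain: str          # DNS domain name rebuilt from the DC components
    container: str       # DN of the container that holds the object


def split_rdns(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute type, value) pairs.

    Commas separate RDNs, but a backslash-escaped comma (e.g. "Page\\, Jimmy")
    is part of the value, so dn.split(",") would cut a name in half.
    """
    parts: list[str] = []
    buf: list[str] = []
    escaped = False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))

    pairs: list[tuple[str, str]] = []
    for rdn in parts:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def parse_dn(dn: str) -> ParsedDN:
    """Break a user object's DN into CN, root-down OU path, domain and container."""
    pairs = split_rdns(dn)
    if pairs[0][0] != "CN":
        raise ValueError("expected an object DN that starts with CN=")
    cn = pairs[0][1]
    # A DN is written leaf first; reverse the OUs to get the tree order an
    # administrator sees in Active Directory Users and Computers.
    ou_path = [value for attr, value in reversed(pairs[1:]) if attr == "OU"]
    dcs = [value for attr, value in pairs if attr == "DC"]
    if not dcs:
        raise ValueError("DN has no DC components, so the domain cannot be determined")
    container = ",".join(f"{attr}={value}" for attr, value in pairs[1:])
    return ParsedDN(cn=cn, ou_path=ou_path, domain=".".join(dcs), container=container)


def domain_dn(dns_name: str) -> str:
    """Convert a domain's DNS name (e.g. Malvern.PowerCAMPUS) to its DC= form."""
    labels = [label for label in dns_name.split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={label}" for label in labels)


if __name__ == "__main__":
    # The container DN shown on the slide.
    parsed = parse_dn("CN=Jimmy.Page,OU=Graduate,OU=Students,OU=MyCollege,DC=domain,DC=com")
    print(parsed)
    print(domain_dn("Malvern.PowerCAMPUS"))
```

The parser is the piece to reuse when auditing where provisioned accounts land: the container string it returns is exactly what you compare against the default container configured in Directory Integration, and ou_path in root-down order makes it easy to check that an account sits under the expected Students or Graduate OU rather than somewhere the delegated administrator did not intend.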

Sharepoint Portal Active Directory credentials stored in PORTALACCOUNT Table 36

IQ.Web & Active Directory AD.Connect is the interface between IQ.Web and Active Directory 37

PowerCAMPUS Portal Message Sources PORTALLINK,PORTALCRED,PORTALFAIL 38

IQ.Web Administration/Setup Portal Settings icon on Global Settings page 2 Portal administrative pages 39

IQ.Web Administration/Setup Portal Global Settings 40

IQ.Web Administration/Setup Portal Settings page Easy access to all Portal/Active Directory Settings For your IQ.Web and Active Directory Integration to work properly, the General Portal Settings page must be entered initially and processed. 41

IQ.Web Administration/Setup General Settings. 42

IQ.Web Administration/Setup The ability to view which users Active Directory credentials have been authenticated 43

IQ.Web Administration/Setup This page contains all of the accounts that have reached the maximum credential verification attempts. They will not be prompted to enter any Active Directory credentials once they have been locked. 44
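The lockout behaviour described on this slide and on the What's Included slide (a bounded number of Active Directory credential verification attempts, after which the IQ.Web account is no longer prompted until an administrator unlocks it on the Portal Unlock Accounts page) is worth seeing as state rather than as screenshots. The Python below is an added example of that logic and is not the PowerCAMPUS implementation. It assumes a maximum of three attempts, which the slides do not state, and it assumes that the message sources PORTALCRED and PORTALFAIL listed on the Message Sources slide record a verified credential and a failed verification respectively; the class and function names are mine.

```python
"""Added example: a model of the IQ.Web credential-verification lockout on the slides.

Assumptions (not stated on the slides): the attempt threshold, and that
PORTALCRED / PORTALFAIL are the message sources for success / failure.
"""
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # assumed default; the real maximum is configured in IQ.Web


@dataclass
class PortalAccountState:
    user_id: str                 # IQ.Web user
    failed_attempts: int = 0     # consecutive failed AD credential verifications
    locked: bool = False         # reached the maximum; no further prompting
    linked: bool = False         # AD credentials verified and stored in PORTALACCOUNT


class CredentialVerifier:
    """Tracks per-user verification attempts, lockout, and administrator unlock."""

    def __init__(self, max_attempts: int = MAX_ATTEMPTS) -> None:
        self.max_attempts = max_attempts
        self.accounts: dict[str, PortalAccountState] = {}
        self.messages: list[tuple[str, str]] = []  # (message source, user) audit trail

    def _state(self, user_id: str) -> PortalAccountState:
        return self.accounts.setdefault(user_id, PortalAccountState(user_id))

    def should_prompt(self, user_id: str) -> bool:
        """Show the Identify Yourself page only while the user is neither linked nor locked."""
        s = self._state(user_id)
        return not s.locked and not s.linked

    def record_result(self, user_id: str, ad_validated: bool) -> str:
        """Apply one AD.Connect validation result and return the message source logged."""
        s = self._state(user_id)
        if s.locked:
            raise PermissionError(f"{user_id} is locked; an administrator must unlock it")
        if ad_validated:
            s.failed_attempts = 0
            s.linked = True
            source = "PORTALCRED"   # assumed meaning of this message source
        else:
            s.failed_attempts += 1
            if s.failed_attempts >= self.max_attempts:
                s.locked = True     # from now on should_prompt() is False
            source = "PORTALFAIL"   # assumed meaning of this message source
        self.messages.append((source, user_id))
        return source

    def admin_unlock(self, user_id: str) -> None:
        """Portal Unlock Accounts page: reset the counter and allow prompting again."""
        s = self._state(user_id)
        s.locked = False
        s.failed_attempts = 0

    def locked_accounts(self) -> list[str]:
        """What the locked-accounts administrative page would list."""
        return sorted(u for u, s in self.accounts.items() if s.locked)


def demo() -> list[str]:
    """Three failures lock the (constructed) user; unlock, then a success links it."""
    v = CredentialVerifier()
    for _ in range(3):
        v.record_result("jimmy.page", ad_validated=False)
    locked_before = v.locked_accounts()          # ['jimmy.page']
    v.admin_unlock("jimmy.page")
    v.record_result("jimmy.page", ad_validated=True)
    return locked_before


if __name__ == "__main__":
    print(demo())
```

Two details matter for a defender here. The lock is keyed on the IQ.Web account, not the Active Directory account, so it stops the portal from being used to guess AD passwords without touching the domain's own lockout policy; and the audit trail of PORTALFAIL entries per user is the thing to watch, since a cluster of them across many accounts from one session is the signal the locked-accounts page alone does not show.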

IQ.Web Administration/Setup No locked accounts 45

Directory Integration New Windows Application 46

Directory Integration Setup Dataconfiguration.config 47

Directory Integration Script Execute Tab 48

Directory Integration Script Execute Settings Saved in XML Format 49

Directory Integration General Settings Tab 50

Directory Integration General Settings Settings Saved in XML Format 51

Directory Integration Log and Information Files. AD Connect Log File: user chooses name and location on disk; a *.log extension is recommended. AD Watcher Log File: ADWatchService Log.txt; user chooses location on disk. AD Watcher Information (Verbose) File: ADWatchInfo Log.txt; user chooses location on disk. AD Watcher Event Log File: ADWatchService Log, in the Windows Event Viewer. 52

Directory Integration General Settings Log Files and Location 53

Directory Integration General Settings Error Log 54

Directory Integration General Settings Info Log 55

Directory Integration AD Connect Tab 56

Directory Integration AD Connect Settings Saved in Registry in 3 locations General Section 57

Directory Integration AD Connect Settings Saved in Registry in 3 locations Bindings Section 58

Directory Integration AD Connect Settings Saved in Registry in 3 locations Containers/Paths Section 59

Directory Integration AD Connect Settings Saved in Registry in 3 locations General Section Trace Log File for AD Connect process 60

Directory Integration Change SID Tab 61

Directory Integration Change SID Settings Saved in Registry 62

Directory Integration Logon Format Tab 63

Directory Integration Logon Format Tab Changing the format of a field (via right context menu) 64

Directory Integration Logon Format Tab Changing the field format values 65

Directory Integration Logon Format Tab Current Format changed and display changed 66

Directory Integration Logon Format Settings Saved in Database 67

Active Directory Logon Name User Object logon name 68

Active Directory Attributes Logon Name samaccountname Attribute 69

Directory Integration Name Format Tab 70

Directory Integration Name Format Settings Saved in Database 71

Active Directory Full Name Creating a new User object in Active Directory 72

Active Directory Full Name Populating Full name when creating new User Object 73

Active Directory Full Name Display of Full name for User Object 74

Active Directory Full Name Container Name display of Full Name 75

Directory Integration Windows Service Tab 76

Directory Integration Windows Service Tab Schedule Service 77

Directory Integration Windows Service Tab Service Running Status 78

Directory Integration Windows Service Tab ADWatcher Service showing in System Services 79

Directory Integration ADWatcher Service Set Logon Properties to user Administrator Account 80

Directory Integration Windows Service Event Log 81

Directory Integration Windows Service Event Log Message showing that the service was started 82

Directory Integration Windows Service Event Log Service executing and notifying records found for processing 83

IQ.Web Administration/Setup All new Portal/Active Directory pages as displayed in Maintain Pages section of Security Setup 84

Portal Identify Yourself page. If you have one of the People Types mapped in the Portal Roles page, and have not been prompted for Active Directory credentials previously, you will be directed to the Portal Identify Yourself page when you log into the IQ.Web application. 85

Portal Enter Credentials Yes, I do have credentials User shall enter proper Active Directory/Network credentials per their institution 86

Portal Enter Credentials Invalid credentials entered or problem communicating with Active Directory 87

Portal User Information. Data stored in the PORTALACCOUNT table after the Active Directory account credentials are successfully verified. 88

Questions & Answers Any Questions? 89

Thank You! Chad Sexton Chad.sexton@sungardhe.com Please complete the online class evaluation form SunGard, the SunGard logo, Banner, Luminis, PowerCAMPUS, Matrix, and Plus are trademarks or registered trademarks of SunGard Data Systems Inc. or its subsidiaries in the U.S. and other countries. Third-party names and marks referenced herein are trademarks or registered trademarks of their respective owners. 2007 SunGard. All rights reserved. 90