The Windows Account Manager module allows administrative users to manage the mapping between pasPortal account and Active Directory accounts in the pasUnity Enterprise Data Center.

This module functions outside the realm of the normal permissions hierarchy. It can be viewed by any user with membership in Site Administrators, Security Administrators, or Dashboard Management site-level roles with no regard to permissions assigned to the tab on which the module is placed. For more information on the roles referenced in this section please see the role based security topic. Administrative users can configure additional module settings by clicking the button.

NOTE: Organization Unit configuration via the Dashboard Manager module is required prior to the use of this module.

This module only shows Active Directory accounts in the Organizational Unit associated with the current dashboard. The creation and management of Active Directory accounts is performed via Active Directory management tools. Some customers have been delegated access to manage their own Active Directory accounts via RemoteApp applications published through the Hosted Application module.

If the active dashboard is configured with an Organizational Unit, the module displays a sortable data table of all the existing Active Directory accounts in the Organizational Unit consisting of the following:

•pasPortal Account Email: This is a label that shows the name and email address of the pasPortal account to which the Active Directory account is bound or a text box if no link yet exists.

•Active Directory Account Name: The first name and last name of the account in Active Directory.

•Active Directory Universal Principal Name (UPN): This is the fully-qualified logon name of the user in Active Directory which they can use to logon to via the Hosted Application module.

•Active Directory Email: The primary Microsoft Exchange address of the account if it is mail-enabled and the UPN if no email address exists.

You can manage linked pasPortal accounts by clicking the underlined pasPortal Account Email value for previously linked accounts which will open the profile editor.

Creating Linked Accounts

On each row in the data table where the is a Create button this is indicative that an Active Directory account exists which is not associated with a pasPortal account. The pasPortal Email Account text box will default to the email address from Active Directory. You can keep this value or provide an override value for the new pasPortal Account when Create is clicked. Once linked the Active Directory domain name and account name will be stamped onto the pasPortal account profile of the new user and is visible from the profile editor. Because a new account is created an activation email will be sent to the end user.

Linking Existing Accounts

On each row in the data table where the is a Link button this is indicative that an Active Directory account exists which is not associated with a pasPortal account, however, a pasPortal account with recommended email address already exists. The pasPortal Email Account text box will default to the email address common to both the Active Directory and pasPortal account. You can keep this value or provide an override value for the new pasPortal Account when Link is clicked. If you leave the original value unaltered the Active Directory domain name and account name will be stamped onto the pasPortal account profile of the existing user. An activation email will be sent to the user to let them set the credentials on the Active Directory account. If you provide an override value, the process followed will be that of the Creating Linked Accounts as detailed above.

Unlinking Existing Accounts

On each row in the data table where the is an Unlink button this is indicative that an Active Directory account is already linked to a pasPortal account. Clicking this button will break the link between the two products by removing the Active Directory domain name and account name previously stamped onto the pasPortal account. It does NOT remove the Active Directory account which will continue to exist and be billed for until such time as it is removed from Active Directory.

Reminder Messages

On each row in the data table where the is a Remind button this is indicative that an account has been linked but has not yet been activated by the end user. This may be the case for any number of reasons ranging from not receiving the activation email to bad email address to just not having gotten around to it yet. Perform basic troubleshooting to determine the reason and if necessary send a reminder. If the end user is not receiving activation email ask them to add portal@pasportal.com to their safe sender list.

Mass Management

For clients that have a significant number of Active Directory accounts you can check boxes along the left side of the data table and fill out the appropriate values in the text boxes and finally click one of the Create/Link Selected, Remind Selected, or Unlink Selected buttons at the button of the module to perform multiple actions at once.

Send comments on this topic.