When inserting an Active Directory service user with the Metasys Security Administrator tool, note the following rules:
For each user account, use the User Principal Name (UPN) format for the
If you have enabled the exact UPN format at Release 8.1
or later, you do not need to
provide the Fully Qualified Domain Name (FQDN). For example, you can use
myUser@corp.com instead of myUser@my.corp.com. For more
information on enabling the exact UPN format, see the Steps to Enable Exact UPN Format
Note: Users who have not enabled the exact UPN format must provide the FQDN. For example, specify myUser@my.corp.com instead of myUser@corp.com even though the latter is a valid form of the username. Figure 1 shows the screen for adding an Active Directory service user.The fully qualified username is used to identify the currently logged in user on the main Metasys SMP UI screen (Figure 2). The name also appears as the username on Metasys reports and logs (Figure 2). For more details on how to specify an Active Directory service user name, see Username Semantics.
- Each user you specify must exist and be enabled in Active Directory service. Properties of the user, such as the phone number and email address, are read when you add the user to the Metasys system. The Metasys SMP UI displays these items under User Properties. For details, see Information Obtained from Active Directory Services.
Figure 1. Adding an Active Directory Service User
Figure 2. Identifying Active Directory Service User
- If the username for an Active Directory service user changes, you do not need to specify the new name with the Metasys System Administrative tool. Before the user can log in again, update the username with the Security Administrator tool by clicking the Active Directory service user account. For details, see User Name Synchronization in the Metasys System.
- If an Active Directory service user is deleted from the Active Directory service database, delete that user from the Metasys system as well. If you add an Active Directory service user with the same username to the Active Directory service database, but you did not delete this user from the Metasys system, you cannot add the new user to the Metasys system until the original user is deleted.
- If you disable an Active Directory service user in the Active Directory service database, the Metasys Access Suspended property check box in the user’s Properties window becomes selected. Once you re-enable the Active Directory service user, a Metasys Administrator must manually clear the Metasys Access Suspended property check box before the user can log in again.
- The Metasys system follows the text case format dictated by Active Directory services. In other words, if you add a user called MYUSER@my.corp.com, and the Active Directory service format uses all lowercase characters, the username adjusts to email@example.com when added, because the user name is not case sensitive.
- At least one defined service account for Active Directory service must have the privilege to read the user’s Active Directory service attributes. For more details, see Information Obtained from Active Directory Services and Service Account.