User Name Synchronization in the Metasys System - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0.50

Security Administrator System Technical Bulletin

Brand
Metasys
Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0.50
Revision date
2023-06-02
Language
English

To ensure that current Active Directory service user information appears in the Security Administrator system, you can use an automatic synchronization process. You initiate this process whenever you click a user’s name in the Active Directory folder. Any changes to the user’s account recorded in that user’s properties are refreshed. If you cannot read a particular user property from Active Directory services or if the Metasys system cannot successfully use the service account for Active Directory services. For example, if the specified service account password is invalid. A question mark icon () appears to the left of the property’s name. Any property value the UI shows reflects its value from the last successful synchronization with the Active Directory service.

If an Active Directory service attribute shows no value in the Security Administrator system, make sure that the attribute has a value on the Active Directory service domain server. Such attributes include Active Directory Description, Phone Number, Full Name, and E-mail. The synchronization process cannot determine whether a particular attribute is unspecified or cannot be read from the Active Directory service domain server.

If you delete an Active Directory service user from Active Directory service, the account becomes disabled in the Metasys system, the user’s properties and privileges in the Metasys SMP UI become read-only, and the Metasys Access Suspended property is enabled. A small red X appears next to that user’s icon in the Active Directory Users list see Figure 2. See Table 1 for the icons that indicate the current Active Directory service and Metasys access status for a user.

Table 1. Icons that indicate Active Directory service user status

Standard Access icon

API Access icon

Tenant Access icon

Description







  • Metasys access is enabled
  • Active Directory service access is enabled
  • Metasys Access Suspended property is cleared






  • Metasys access is suspended
  • Metasys Access Suspended property is selected






  • User is disabled in Active Directory service
  • Metasys Access Suspended property is cleared

An Active Directory service user is also marked as deleted if the synchronization process fails to return any attributes for the user. The synchronization process cannot determine the cause of this behavior. Once the error condition is resolved, the user is re-enabled in the Metasys system the next time the user is synchronized.

When a user is removed from Active Directory service, the Metasys system continues to store privileges for a user until a Metasys administrator manually removes the user from the Metasys system.