Active Directory Service - User Administration - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0

Security Administrator System Technical Bulletin

Product
Building Automation Systems > Building Automation Systems > Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0
Revision date
2022-08-05

Use the Metasys Security Administrator System available on the Metasys server or SCT to add existing Active Directory service users to the Metasys system. The Security Administrator System does not create or maintain user accounts in Active Directory service, it uses existing Active Directory service user accounts. Active Directory service tools handle any changes to Active Directory service user accounts such as password changes or resets. For details on adding Active Directory service users, see User Account Rules.

The system creates a Metasys system audit record whenever you add or remove an Active Directory service user from the Metasys system. Use the Security Administrator system to assign Metasys privileges to Active Directory service users that you have added to the Metasys system. These privileges include those based on system, category, feature, and property.

You assign and maintain all privileges for Active Directory service users in the same way as for Metasys local users. You can use the same windows, menu options, and tabs that you use when you administer a Metasys local user. However, some UI screens display a combination of Metasys specific data and Active Directory service data, whereas other screens display some options unavailable. For example, the telephone number and email address properties for Active Directory service users appear but you cannot edit them because these are properties under the control of Active Directory service. The dimmed label Active Directory precedes such properties.

Any Standard Access administrator can assign permissions to any Active Directory service user that you have added to the Metasys system. You can assign privileges directly to the Active Directory service user or assign the user to a Metasys role. Also, Standard Access Administrators have full control to add, remove, update, and assign permission operations for any Metasys Active Directory service user.