To ensure that current Active Directory service user information appears in the Security Administrator system, you can use an automatic synchronization process. You initiate this process whenever you click a user’s name in the Active Directory folder. Any changes to the user’s account recorded in that user’s properties are refreshed. If a particular user property cannot be read from Active Directory services, or if the Metasys system cannot successfully use the service account for Active Directory services (for example, if the specified service account password is invalid), a question mark icon appears to the left of the property’s name. Any property value the UI shows reflects its value from the last successful synchronization with the Active Directory service.
If an Active Directory service attribute shows no value in the Security Administrator system, make sure that the attribute has a value on the Active Directory service domain server. Such attributes include Active Directory Description, Phone Number, Full Name, and E-mail. The synchronization process cannot determine whether a particular attribute is unspecified or cannot be read from the Active Directory service domain server.
If you delete an Active Directory service user from Active Directory service, the account becomes disabled in the Metasys system, the user’s properties and privileges in the Metasys SMP UI become read-only, and the Metasys Access Suspended property is enabled. A small red X appears next to that user’s icon in the Active Directory Users list (see Figure 2). See Table 1 for the icons that indicate the current Active Directory service and Metasys access status for a user.
Standard Access icon | API Access icon | Tenant Access icon | Description |
---|---|---|---|
An Active Directory service user is also marked as deleted if the synchronization process fails to return any attributes for the user. The synchronization process cannot determine the cause of this behavior. Once the error condition is resolved, the user is re-enabled in the Metasys system the next time the user is synchronized.
When a user is removed from Active Directory service, the Metasys system continues to store privileges for a user until a Metasys administrator manually removes the user from the Metasys system.