Steps to Enable Active Directory Service for Use by the Metasys System - Metasys - LIT-1201528 - General System Information - Metasys System - 12.0

Security Administrator System Technical Bulletin

Product name
Metasys System
Document type
Technical Bulletin
Document number
LIT-1201528
Version
12.0
Revision date
2022-08-05

By default, the Active Directory service for use by the Metasys system on the Metasys server or SCT computer is disabled. You must perform a number of required actions to enable the Active Directory service for use by the Metasys system. Different individuals within the organization sometimes perform these actions. Table 1 provides an overview of these actions. If any of these steps are specific to the Metasys product, they are further described in the sections that follow.

Table 1. Overview of Actions Required for Enabling Active Directory Service for Use by the Metasys System

Step

Action

Who Is Responsible

Comments/Literature Reference

1

Configure the Domain Name System (DNS) on the Metasys Site Director.

Microsoft Windows Administrator

Accomplished by using standard Microsoft Windows network configuration tools. Refer to Microsoft Windows networking documentation.

Note: Active Directory services rely on DNS functionality.

2

Add Metasys Site Director to an Active Directory service Domain.

Active Directory Service Administrator

Accomplished by using any available method. Refer to appropriate vendor documentation.

3

Within the Active Directory service, create one or more service accounts the Metasys application can use. If more than one account is assigned, use only one account for each domain.

Active Directory Service Administrator

Accomplished by using an Active Directory service user administrative tool. The Metasys application uses these credentials when making requests to Active Directory services. Refer to the following sections: Service Account, Service Account Rules, Service Account Permissions. Also, refer to Appendix: Active Directory Service in the Network and IT Guidance for the BAS Professional Technical Bulletin (LIT-12011279) and to the Active Directory service documentation available from Microsoft Corporation.

4

Communicate the service account credentials created in Step 3 to the Metasys Security Administrator.

Active Directory Service Administrator

User name login, domain specifier, and password are communicated for each account created.

5

Enable Active Directory service authentication for the Metasys site.

Metasys Administrator

Accomplished by using the Metasys Security Administrator Tool. See Enabling Active Directory Service Integration for Metasys server or SCT Software.

6

Enter the domain, username, and password for assigned Active Directory service user accounts (received from the Active Directory Service Administrator in Step 4).

Metasys Administrator

Accomplished by using the Metasys Security Administrator Tool. See Enabling Active Directory Service Integration for Metasys server or SCT Software.

7

Add each existing Active Directory service user to Metasys and authorize each to access Metasys functions. (This is an ongoing task.)

Metasys Administrator

Assumes that the Active Directory service users have already been created in Active Directory service by an Active Directory Service Administrator. This step is revisited each time changes occur to the set of Active Directory service users, and therefore, is part of ongoing user administration.

8

Select the default domain to be displayed in the domain list box located on the Metasys Login screen. (This is optional.)

Metasys Administrator

Accomplished by using the Metasys Security Administrator Tool. See Enabling Active Directory Service Integration for Metasys server or SCT Software.