Documentation Multiple Domain Configuration
- Multi-Domain Configuration
- █ Overview Multi-Domain Support
- █ Service Accounts & Domain Controllers
- █ Web Actions Enabled for Global Search
█ Overview Multi-Domain Support
Applies to: Cayosoft Administrator 4.2.x or later.
Cayosoft Administrator versions 4.2 and later, provides simplified multiple domain management. Cayosoft Administrator provides three main features for multi-domain management.
- Centralized settings for domain credentials and domain controllers.
- Unified Roles and Rules can be configured to delegate and automate tasks across multiple domains.
- Global search can be configured so that object search can be performed across multiple managed domains. For admins that perform tasks across many domains a single unified search speeds time to completion for manual tasks by avoiding the need to select individual Administrative Units.
█ Service Accounts & Domain Controllers
There are three items to consider when configuring multiple domain management:
Single Powerful Service Account is default for all domains (recommended) – When a single powerful service account will be used it must have administrative permissions in all domains to be managed. The default service account Credential and Domain Controller is configured by going to Cayosoft Console > Configuration > Active Directory. A default domain controller can also be selected here for the first domain, but domain controllers for other domains will need to be configured under advanced settings.
Separate Service Accounts for each domain – There are two steps needed to configure separate service accounts, configure the default domain service account and domain controllers then configure additional service accounts and domain controllers.
Default Credentials and Domain Controllers
Where: Console > Configuration > Active Directory | Active Directory domain credentials:
The default service account Credential and Domain Controller is configured by going to Cayosoft Console > Configuration > Active Directory. A default domain controller can also be selected here for the first domain, but domain controllers for all other domains will need to be configured under advanced settings of the same page Cayosoft Console > Configuration > Active Directory > Advanced Settings.
Where: Console > Configuration > Active Directory | Advanced Options
Additional service account credentials and domain controllers are configured by going to The default service account Credential and Domain Controller is configured by going to Cayosoft Console > Configuration > Active Directory > Advanced Options.
Configure Administrative Unit with a Global Search Scope
Where: Console > Configuration > Web Interface > Web Queries > Active Directory | Copy Rule
After selecting the Active Directory Admin Unit and choosing Copy Rule you will be presented with the Copy Rule dialog box.
Main options of Copy Rule command
Enter a label/folder name: Enter the name of the Administrative Unit to be shown in the Web Portal
Create delegation for Web Administrators: Check this box to create a delegation under the Web Administrators Role so that you can easily grant access to this Administrative Unit to users. This step is optional and can be done manually later.
Change Scopes and Defaults: This box must be checked to create an Administrative Unit with a Global Search Scope.
Copy settings from this rule: This option allows you to copy settings from one specific Web Query and apply that one web queries’ settings on all queries created during the copy process regardless of Web Queries object type. This is optional and isn’t normally necessary.
Set Limit scope to this Domain or OU: Set this value must be set to Use scopes from delegated Web Queries (GC Search). Using this value will change search behavior as follows:
- Search will be performed against the Global Catalog Server specified in the Active Directory Extension.
- The scope of objects returned, will be determined by combining all search scopes delegated to the user through the Web Administrators Role. This means that what is delegated to the user in other Administrative Units is used to determine what they can see when searching an Administrative Unit with Global Scope.
- The Object’s location that is returned determines the credentials and domain controller used to perform tasks against that object. (See default Credentials and Domain Controllers above)
Domain Controller: This value must be changed to Default Domain Controller (GC)
Credentials: This value must be changed to Default Credentials for Current Scope
Action and Picker Scopes
Default OU for new objects These settings determine the default location for new objects when a new object is created. Because a global scope is being used, the user will need to select a location where a new object will be created. It is suggested that the most likely place for new objects be used here so that when a user forgets to change the new objects location, the object will be created in an acceptable location rather than in the root of the directory.
Default Domain: This is an override option to set the default domain suffix used to generate the UserPrincipalName for newly created users. When set to @ Default Domain, the Active Directory Extension settings named Active Directory domain name is used.
A new set of Global Suspend Policies should be create and referenced here. These new policies should have the Relocate Object option set to Keep in original OU.
Regional settings do not apply here and will need to be configured by the user during task completion.
█ Web Actions Enabled for Global Search
As of Cayosoft Administrator 4.2.0, the following commands are enabled for Global Search.
- Add to a group + quick action (User & Groups)
- Delete (All Objects)
- Enable Mailbox (User)
- Group Properties
- Mailbox (User)
- Mail Properties (Group)
- Membership (Group)
- Office 365 Licensing (User)
- Reset Password + quick action (User)
- Suspend (User & Group)
- Undo Suspend (User & Group)
- User Properties (User)
Subscribe to Cayosoft
Your Email is safe here.×