Work with Active Directory
Active Directory is a tool used to group and store user accounts and case groups. Active Directory stores information in organizational units, similar to the folder structure in Microsoft Windows Explorer.
System administrators authenticate Active Directory with the application, which minimizes the need to manage Active Directory users in Active Directory. As a system administrator, you can import Active Directory users into the application and add new application users to Active Directory. Portal administrators can import users, but the system administrator designates one Active Directory organizational unit to which portal administrators have access.
You can configure the Active Directory case group and organizational unit in the application on the Active Directory Settings page. You can also enable or disable the self-service password system and the domain user import feature.
Note: Authenticate only one Active Directory at a time with the application.
The following list describes the available features and tasks when you authenticate with Active Directory:
Self-service password system: If you incorporate a self-service password system, configure Active Directory to work with the system. The self-service password system can be enabled or disabled.
Domain user import: Import Active Directory users into the application. For information about domain user import, see Import users by domain. The domain user import feature can be enabled or disabled.
Add users to Active Directory: Add new application users to Active Directory. You can also add existing application users from each user's profile page.
Add users to the Active Directory case group: Use this group to manage file repository share permissions. Only one Active Directory case group exists per case.
Configure Active Directory settings
To work with Active Directory, the application authenticates with the Active Directory account. A system administrator configures the authentication settings on the Active Directory Settings page.
To activate the self-service password and domain user import features, you need the following:
Domain name: The name of the Active Directory domain to which you want to connect.
Domain service account: The name of the Active Directory account you use to add and edit Active Directory users. For the self-service password feature to work with Active Directory, the Active Directory administrator gives the account write permissions. To enable the domain user import feature, the account needs only read access.
Domain service account password: Create a password for the domain service account.
To add application users to Active Directory and to an Active Directory case group, you need the following:
Organizational unit for user storage with write permissions: The organizational unit in which Active Directory stores user accounts. The Active Directory administrator grants write permissions to this organizational unit to the domain service account.
Organizational unit for the Active Directory case group with write permissions: The case group organizational unit in which Active Directory stores user groups. The application stores all imported user groups in the case group organizational unit that you select. The names of the case group organizational units derive from the names of the cases to which you have access. When administrators assign users to cases, the application automatically places the users in the selected case group organizational unit and in the corresponding case group organizational unit in Active Directory. The Active Directory administrator grants write permissions for the domain service account to the case group organizational unit.
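The following PowerShell check is an added example, not part of the product documentation. It lists what the domain service account holds on the two organizational units described above and flags explicit write grants anywhere else. The account name and OU distinguished names are placeholders, and the script assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example. All names are placeholders (assumptions), not product values.
Import-Module ActiveDirectory   # RSAT module; also provides the AD: drive

$ServiceAccount   = 'EXAMPLE\svc-app'        # hypothetical domain service account
$ExpectedWriteOUs = @(
    'OU=AppUsers,DC=example,DC=com',         # hypothetical OU for user storage
    'OU=CaseGroups,DC=example,DC=com'        # hypothetical OU for case groups
)

# Individual rights that create, change or delete objects. GenericAll and
# GenericWrite include WriteProperty, so those ACEs are flagged as well.
$WriteNames  = 'CreateChild, DeleteChild, WriteProperty, Delete, DeleteTree, WriteDacl, WriteOwner'
$WriteRights = [System.DirectoryServices.ActiveDirectoryRights]$WriteNames

function Get-ServiceAccountAce {
    param([string]$DistinguishedName, [string]$Account)
    # Allow ACEs granted directly to the account on this object.
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { $_.IdentityReference.Value -eq $Account -and
                       $_.AccessControlType -eq 'Allow' } |
        ForEach-Object {
            [pscustomobject]@{
                Object      = $DistinguishedName
                Rights      = $_.ActiveDirectoryRights
                IsInherited = $_.IsInherited
                CanWrite    = ([int]$_.ActiveDirectoryRights -band [int]$WriteRights) -ne 0
            }
        }
}

# 1. What the account holds on the two OUs the application is configured to use.
$ExpectedWriteOUs | ForEach-Object { Get-ServiceAccountAce $_ $ServiceAccount } |
    Format-Table -AutoSize

# 2. Explicit write-capable grants elsewhere (domain root and every other OU).
#    Inherited ACEs are skipped here because they repeat a grant made higher up.
$targets = @((Get-ADDomain).DistinguishedName) +
           (Get-ADOrganizationalUnit -Filter *).DistinguishedName
$unexpected = $targets | Where-Object { $_ -notin $ExpectedWriteOUs } |
    ForEach-Object { Get-ServiceAccountAce $_ $ServiceAccount } |
    Where-Object { $_.CanWrite -and -not $_.IsInherited }

if ($unexpected) { $unexpected | Format-Table -AutoSize }
else { 'No explicit write grants outside the expected OUs.' }
```

The check covers only permissions granted directly to the account; rights it receives through group membership need a separate review of those groups.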
To configure the Active Directory settings:
On the Portal Home page, under Portal Management, click User Administration.
In the navigation pane, click Active Directory Settings.
Note: You will not see the Active Directory Settings page if your portal is configured to use Ringtail authentication.
Type the Domain name.
Type the Domain service account. The application uses the account to access Active Directory.
Type the Domain password, and then click Test to authenticate the domain.
Optionally, do any of the following:
To enable the password self service system for users, select the Enable users to access password self service check box. To disable the system, clear the check box.
To enable the domain user import feature, do the following:
Select the Enable users to be imported from domain check box.
When importing, portal administrators can access one organizational unit only. Under Organizational Unit accessible to Portal Administrators, select the organizational unit that the portal administrators can access.
To allow new or imported application users to be automatically added to Active Directory, do the following:
Select the Add Ringtail users to Active Directory check box.
Under Store users in this Organizational Unit, select the organizational unit in which to store user accounts.
To allow for the addition of application users to an Active Directory case group, do the following:
Select the Create Active Directory group check box.
Under Store group in this Organizational Unit, select the organizational unit in which to store the Active Directory case group.
Click Save.
Add users to Active Directory
Use the following procedures to add users to Active Directory.
Add a user to Active Directory when creating a new user
When creating a new user, you have the option to add the user to Active Directory. For information about creating new users, see Create new users.
Add an existing user to Active Directory
You can add an existing user to Active Directory from the user's profile page. You can also reinstate a deleted user and add the user to Active Directory.
To add a user to Active Directory:
On the Portal Home page, under Portal Management, click User Administration.
In the navigation pane, click Users or Deleted users. For portal administrators, when organization security is enabled, the list of available items depends on membership in a provider or client organization. To understand how organizations are managed in Nuix Discover, see Organizations. For a summary of how organization security affects portal access for each user category, see Portal security table.
Click the name of the user.
Note: The User is not in Active Directory section only appears on the Profile page if the user is not currently in Active Directory and your environment is configured for Windows authentication.
If adding a deleted user to Active Directory, select the Reinstate this user check box.
Select the Add this user to Active Directory check box.
Click Save.
Add multiple users to Active Directory
You can add multiple users to Active Directory from a list of users that are not in Active Directory. The application creates a report detailing the changes made to each user.
Caution: The report contains sensitive information, including user passwords.
To add multiple users to Active Directory:
On the Portal Home page, under Portal Management, click User Administration.
On the Users page, click More and then select Reconcile Ringtail users with Active Directory.
In the Reconcile Ringtail users with Active Directory dialog box, select users. For portal administrators, when organization security is enabled, the list of available items depends on membership in a provider or client organization. To understand how organizations are managed in Nuix Discover, see Organizations. For a summary of how organization security affects portal access for each user category, see Portal security table.
Click OK.
Open or save the report.
Add and remove users in the Active Directory case group
You can add or remove users in an Active Directory case group. You can also create a report detailing the changes made to each user.
To add or remove users in an Active Directory case group:
On the Portal Home page, under Portal Management, click User Administration.
On the Users page, click More and then select Reconcile Active Directory group.
In the Reconcile Active Directory group window, select an Active Directory case group and click Next.
Note: The case names that appear on the Select Case page are the same as the Active Directory case group names. The application derives the Active Directory case group names from case names.
In the list of users on the Select Users page, select the users to add to or remove from the Active Directory case group. For portal administrators, when organization security is enabled, the list of available items depends on membership in a provider or client organization. To understand how organizations are managed in Nuix Discover, see Organizations. For a summary of how organization security affects portal access for each user category, see Portal security table.
The Actions column contains one of the following status messages, which indicates if the user can be removed or added:
Remove from Active Directory group: The user is assigned to the Active Directory case group. You can remove this user.
Add to Active Directory group: The user is not assigned to the Active Directory case group. You can add this user.
Click Next.
Select the optional Download report check box to create a report of the users you added or removed.
Click Finish.
If you created a report, open or save it.