Active Directory User Integration
Hyena's Active Directory integration enables any Windows 2000/XP/Vista/7 client computer running Hyena to manage new user directory elements.
Hyena's Active Directory integration can be customized under Tools->Settings->Active Directory.
Managing User Properties
Hyena uses an LDAP interface for all user administration functions on Windows 200x Active Directory user objects. Hyena will automatically detect if a user belongs to an Active Directory-enabled domain, and automatically add several new dialogs to the user properties function, as shown below.
Address - Includes fields for the user's address
Organization - User title, organization, division, etc.
Personal - Includes user's first name, last name, etc. Also supports displaying and setting the user's photo. If you use this feature, Microsoft recommends using a .gif or .jpg file (due to their compressed size). Active Directory stores the actual binary picture information, NOT the path to the picture file, and since this information will be replicated, the picture sizes should be small to reduce network traffic. Several advanced options are available to further control user photos; see the Active Directory User Photo Integration topic for more information.
Security - Includes display of the creation and modification date of the user, plus new user account attributes related to security.
Notes - User fields for "Notes" and "Comments"
Contact - Contains a list of all Active Directory phone numbers, email addresses, and web site URLs. Unlike MMC applications, these contact points are consolidated into one list box, so that all phone numbers, email addresses, and web URLs are visible at one time.
Object - The object dialog includes information on internal Active Directory information, such as the GUID, SID, modification and creation dates, and directory path. The Managed By information is also managed on this dialog.
Hyena uses a sophisticated mechanism to only modify Active Directory user fields that have actually been changed, so multiple administrators can safely manage different pieces of the same user properties. Plus, this feature keeps network traffic to a minimum.
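The lost-update problem that changed-fields-only writes avoid, shown as an added example. This is not Hyena's code: the helper names, attribute values and the two-administrator scenario are constructed for illustration.

```python
# Added example: models "write only what changed" against a whole-record write.
# The entry contents and function names are constructed, not taken from Hyena.

def changed_attrs(loaded, edited):
    """Return {attr: new_value} for attributes that differ from the loaded snapshot.
    A value of None means the attribute was cleared and should be deleted."""
    delta = {}
    for attr in loaded.keys() | edited.keys():
        old, new = loaded.get(attr), edited.get(attr)
        if old != new:
            delta[attr] = new
    return delta

def apply_delta(entry, delta):
    """Apply only the changed attributes to the stored entry."""
    for attr, value in delta.items():
        if value is None:
            entry.pop(attr, None)
        else:
            entry[attr] = value

def apply_full_write(entry, edited):
    """Overwrite every attribute with the dialog's copy (the unsafe alternative)."""
    entry.clear()
    entry.update(edited)

def simulate(write_changed_only):
    """Two administrators open the same user, edit different fields, then save in turn."""
    directory = {"title": "Analyst", "telephoneNumber": "555-0100", "department": "IT"}
    snap_a, snap_b = dict(directory), dict(directory)   # both dialogs load the same state
    edit_a = dict(snap_a, title="Senior Analyst")       # admin A changes the title
    edit_b = dict(snap_b, telephoneNumber="555-0199")   # admin B changes the phone number
    for snap, edit in ((snap_a, edit_a), (snap_b, edit_b)):
        if write_changed_only:
            apply_delta(directory, changed_attrs(snap, edit))
        else:
            apply_full_write(directory, edit)
    return directory

if __name__ == "__main__":
    print("changed-only:", simulate(True))    # both edits survive
    print("full write:  ", simulate(False))   # B's stale title overwrites A's change
```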
Hyena also will properly rename user objects under Active Directory. When renaming users, Hyena will first prompt for the new user name directly in its tree or list windows. After entering the new user name, Hyena will display the Rename User dialog, which has options for renaming the user's full name, and home and profile directory locations. For Active Directory, Hyena offers additional modification to user elements when renaming users, as well as the proper handling of renaming the Active Directory name.
Differences between Windows NT/200x User Management
Hyena's user management dialogs for Windows NT user accounts are very similar to the dialogs used to manage Windows Active Directory users, with only a few differences.
For Active Directory users, Hyena will automatically:
Display the user's full name as the "Display Name"
Change the "User Name" field to be the "Directory Name"
Display a different group membership dialog
Hyena requires entry of the "Directory Name" when an Active Directory domain user is created. This is the first field on the General user properties dialog. This name is primarily used internally by Active Directory to construct the full directory path. We recommend that the directory name be kept reasonably short, and free of punctuation characters. Here is an example of a full LDAP path, for a user with the directory name of "JohnSmith":
LDAP://alexis.systemtools.com/cn=JohnSmith,cn=Users,dc=systemtools,dc=com
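Why punctuation in the directory name complicates the path, as an added example (not Hyena's code). It builds the path shown above and applies RFC 4514 escaping to the name; the function names and the `cn=Users` default are assumptions taken from the sample path.

```python
# Added example: how a directory name becomes part of the LDAP path, and what
# punctuation does to it. Server and container values come from the page's sample.
import string

DN_SPECIAL = set('"+,;<>\\')   # characters RFC 4514 requires to be escaped in a value

def escape_rdn_value(value):
    """Escape one attribute value for use inside a distinguished name (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == "#" and i == 0:                       # leading '#'
            out.append("\\#")
        elif ch == " " and i in (0, len(value) - 1):     # leading or trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)

def user_dn(directory_name, container="cn=Users", domain="systemtools.com"):
    """Build the user's distinguished name from the directory name."""
    dcs = ",".join("dc=" + label for label in domain.split("."))
    return "cn=%s,%s,%s" % (escape_rdn_value(directory_name), container, dcs)

def ads_path(server, dn):
    """Prefix the DN with the LDAP provider and server. ADSI treats '/' as a
    path separator, so a literal slash inside the DN is escaped as well."""
    return "LDAP://%s/%s" % (server, dn.replace("/", "\\/"))

def has_punctuation(directory_name):
    """True when the name contains characters the page recommends avoiding."""
    return any(ch in string.punctuation for ch in directory_name)

if __name__ == "__main__":
    for name in ("JohnSmith", "Smith, John", "R&D/Ops #2"):
        print(has_punctuation(name), ads_path("alexis.systemtools.com", user_dn(name)))
```

A script or LDAP filter that joins the unescaped name into a path would split "Smith, John" into two components, which is the practical reason to keep directory names free of punctuation.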
Hyena supports modification of the Pre-Windows 2000 logon name and the Windows 2000 logon name on the user "Account" dialog. If left blank, the Pre-Windows 2000 logon name will default to the current value of the "Directory Name", which is the first field on the General properties dialog. This is the former "User Name" as used under NT 4.0, and will be used by NT 4.0 users when logging into the Windows 200x domain.
Hyena can also display the user properties for Foreign Security Principal (FSP) objects in an Active Directory-enabled domain. FSP objects are created when a trusted relationship exists between a Windows 200x and a Windows NT domain. FSPs can be managed by going through the ForeignSecurityPrincipals container in any Active Directory-enabled domain.
Other Active Directory Functions
Other Active Directory functions available for user accounts include the following (these functions are all available on the Account Functions menu):
Shell Properties - Displays the standard shell properties page for the user.
Security Properties / List Directory Security - See Managing Active Directory Security for more information on Active Directory security options.
Reset Password - Allows resetting the password and password reset options.
Disable Account - Disables the user account, preventing any new logon from the user account.
Unlock Account - Enables unlocking a previously locked user account.
Move - Allows selecting a new container/OU to move the user account into.
Add/Remove From Group... - Selecting the Add/Remove From Group option allows selection of a group to be added to or removed from the user's group memberships. This bypasses the need to perform this operation through the Properties dialog.
Photo Integration - Hyena contains extensive support for integrating photos of users into Active Directory. See the Active Directory User Photo Integration topic for more information.
User Image Rules - Hyena will display an image next to user accounts by default based on whether the account is disabled or active. Additional images can be displayed based on rules and priority. For more information on this feature, see the Customizing User Images topic.
Fine-Grained Password Policies - The new fine-grained password policies (also called Password Settings Objects, or PSOs), introduced in Windows 2008, are fully supported in Hyena. For more information on this, see the Fine-Grained Password Policies topic.
User Communication Portal - The new Active Directory 'User Communication Portal' leverages the existing Active Directory attributes related to email, phone, and web site addresses, allowing instant access to popular email and connected telephone systems. For more information, see the User Communication Portal topic.
General Purpose User Functions
Hyena contains many general-purpose user functions, including advanced home directory management features, terminal server integration, viewing logon information, and more. See the 'Users' topic under the 'Using Hyena - Objects' main topic.