Ektron CMS400.Net Reference

>>Managing Users and User Groups > Active Directory Feature > Implementing Active Directory Integration > Active Directory Integration

Active Directory Integration

For setup instructions for Active Directory, go to Setup Guidelines.

Impact of AD Integration on Use of Ektron CMS400.NET

Ektron CMS400.NET does not write to Active Directory – it only reads from it. This results in the following changes to the way Ektron CMS400.NET manages user and user group information.

After you enable AD integration, many changes to user and user group information must be made in AD -- several fields on the Edit User and User Group screens become view-only.

When adding new users or groups, you can only select from users and groups in AD. If a user or group does not exist in AD, create it there then import it to Ektron CMS400.NET.

Which AD Information is Imported to Ektron CMS400.NET

Ektron CMS400.NET imports the following AD user information.

Authentication (user logon name and domain) for signing in to Ektron CMS400.NET.

Note: The AD password is not stored in Ektron CMS400.NET– CMS only refers to it during sign in.

User information, listed in the following table

Field in AD

AD Attribute

Corresponding Field in Ektron CMS400.NET

User logon name (pre-Windows 2000)

sAMAccountName

Domain and Username

Note: Users can share a name in different domains. For example, [email protected] and [email protected]. Otherwise, user names must be unique.

Last Name

sn

Lastname

First Name

givenName

Firstname

Email

mail

email Address

User group information, listed in the following table.

Field in AD

AD Attribute

Corresponding Field in Ektron CMS400.NET

Group Name (pre-Windows 2000)

cn

Domain and User group name

Note: User groups can share a name in different domains. For example, [email protected] and [email protected]. Otherwise, user group names must be unique.

The following diagram illustrates the components of the Active Directory feature.

Ektron CMS400.NET Screens in Active Directory Integration Mode

The Active Directory feature uses these Ektron CMS400.NET screens:

The Edit Domains Screen

The Active Directory Setup Screen

The Active Directory Status Screen

The View Users Screen

The View User Groups Screen

This section explains each screen.

The Edit Domains Screen

Use this screen to identify each network domain you will use with Ektron CMS400.NET’s Active Directory Integration. Use this to define domains, as opposed to using auto discovery to find them. This feature is described through these topics.

Enabling the Edit Domains Screen

Accessing the Edit Domains Screen

Fields of the Edit Domains Screen

How Domains are Used

See Also: Active Directory Feature

Enabling the Edit Domains Screen

To have the Edit Domains screen appear, adjust web.config as explained in Setting Up Active Directory via the Advanced Domains Method.

Accessing the Edit Domains Screen

Access the Edit Domains screen by going to Workarea > Settings > Configuration > Active Directory > Domains. Below is a sample of the screen.

The screen lets you add new domains, modify existing ones, or delete obsolete ones.

Fields of the Edit Domains Screen

When defining a domain, enter the following information.

Field

Description

Domain

DNS

Enter the domain’s DNS. Contact your server administrator for this information. For example, corp.example.com.

NetBIOS

If your NetBios is the same as your domain name, leave the checkbox box checked. Otherwise, uncheck the box and enter your NetBIOS setting. Contact your server administrator for this information.

Username

Enter the name of the user with permission to sign on to the domain server. The name is in the format username@domainDNS. For example, [email protected].

Password

Enter the password of the user identified above.

Domain Controller IP

Enter the IP address or DNS name of your domain controller.

Note: If using Active Directory with LDAP across a firewall, the IP address should be that of the firewall. On the firewall, traffic on port 389 (LDAP) should be allowed.
Active Directory with GC uses different ports.

How Domains are Used

Domains are used during signon. In addition to username and password, users must select a domain.

Domains are referenced when defining the users and user group that map to the Ektron CMS400.NET users and groups. See Also: Active Directory Integration

For example, while defining a user group, first select a domain. Ektron CMS400.NET then provides a list of Active Directory user groups in that domain.

The Active Directory Setup Screen

The Ektron CMS400.NET Active Directory Setup screen (illustrated below) lets you enable or disable AD and manage other AD issues, such as whether users and groups are automatically updated.

To access the screen, click Settings > Configuration > Active Directory > Setup.

The following table describes the fields on the screen.

See Also: Messages Near the Top of the Active Directory Setup Screen

Field

Description

For more information, see

Active Directory Installed

Disable Active Directory and LDAP Authentication

Disables the use of Active Directory and LDAP Authentication.

Disabling  AD Integration

Enable LDAP Authentication

If enabled, you must complete the following fields.

Enabling LDAP

LDAP Server

Explained in LDAP Authentication chapter.

Enabling LDAP

Port

Explained in LDAP Authentication chapter.

Enabling LDAP

Organization

Explained in LDAP Authentication chapter.

Enabling LDAP

Domain

Explained in LDAP Authentication chapter.

Enabling LDAP

Attribute

Explained in LDAP Authentication chapter.

Enabling LDAP

Use SSL Explained in LDAP Authentication chapter.

Enabling LDAP

Path Explained in LDAP Authentication chapter.

Enabling LDAP

Enable Active Directory Authentication

If enabled, user authentication is functional, and you can enable the following three fields.

If you do not enable the following three fields, you are using User Authentication Only Mode.

User Authentication Only Mode

For information on LDAP, see LDAP Authentication

Enable Active Directory Integration

If enabled, the Active Directory Integration feature is functional.

Note: Can only be enabled if Enable Active Directory Authentication is enabled.

Active Directory Integration

Enable automatic addition of user from AD

If enabled, user information is imported from AD to Ektron CMS400.NET when that user logs in or when the user is added to Ektron CMS400.NET.

Note: Can only be enabled if Enable Active Directory Authentication is enabled.

Active Directory Integration

Enable automatic addition of user to groups

If enabled, a user’s group membership is first imported from AD when a user logs in or is added.

Note: Can only be enabled if Enable Active Directory Authentication is enabled.

Active Directory Integration

User Property Association

EmailAddr1

Enter the Active Directory property that maps to the user’s last name in Ektron CMS400.NET. By default, this is mail, but you can change it to any AD property.

same reference as FirstName (above)

FirstName

Enter the Active Directory property that maps to the user’s first name in Ektron CMS400.NET. By default, this is givenName, but you can change it to any AD property.

MSDN Library http://msdn.microsoft.com/en-us/library/aa746433%28VS.85%29.aspx.

LastName

Enter the Active Directory property that maps to the user’s last name in Ektron CMS400.NET. By default, this is sn, but you can change it to any AD property.

same reference as FirstName (above)

CMS Administrator Group Association

AD Group Name @ AD Domain

Enter the Active Directory user group and domain name that map to the Ektron CMS400.NET administrator group.

If your AD does not have a user group that includes all Ektron CMS400.NET administrators, you should create one then enter it here.

Active Directory Integration

Domain

If you want to restrict the search of new users and groups to one AD domain, select that domain.

If you do, the Search Active Directory for Users and Search Active Directory for Groups screens let you search the selected domain only.

Also, if any Ektron CMS400.NET user or group names include a domain (for example, [email protected]) that is excluded by your selection, those users/groups are flagged on the Active Directory Setup and Active Directory Status screens because the names include an invalid domain.

 

Messages Near the Top of the Active Directory Setup Screen

Message

Explanation

Active Directory Authentication is Enabled and Requires More Configuration.

Some Ektron CMS400.NET users are not associated with AD users.

Also, if you are using full active directory integration mode, user groups and/or user group relationships may not be associated.

Active Directory Authentication is disabled, but needs further configuration

Some Ektron CMS400.NET users and/or groups are no longer unique.

This happens because, in AD, users and groups can share a logon name as long as their domains are different. But, if AD authentication is disabled, two Ektron CMS400.NET users or groups can no longer share a name -- each must be unique.

If you see either message, click it. You proceed to the Active Directory Status screen, which helps you resolve the discrepancies. See Also: The Active Directory Status Screen

The Active Directory Status Screen

Use the Active Directory Status screen to resolve these discrepancies between Ektron CMS400.NET and AD.

Ektron CMS400.NET user needs to be associated with an AD user

Ektron CMS400.NET user group needs to be associated with an AD user group

Ektron CMS400.NET user’s group membership need to be associated with the same AD user’s group membership

To access the screen from the Ektron CMS400.NET Workarea, click Settings > Configuration > Active Directory > Status.

There are several reasons why such discrepancies may occur. To learn more about why

an Ektron CMS400.NET user is not associated with an AD user, read Active Directory Integration.

an Ektron CMS400.NET user’s group membership is not associated with his AD group membership, read Importing a User’s AD Group Information into Ektron CMS400.NET

an Ektron CMS400.NET group is not associated with an AD group, read Resolving Discrepancies between Groups

If you click a link on the Active Directory Status screen, a new screen lets you resolve the discrepancy. For information on these screens, see the following topics.

Associating Ektron CMS400.NET Users with Active Directory Users

Associating User Group Membership with Active Directory Membership

Associating CMS Groups with Active Directory Groups

Associating Ektron CMS400.NET Users with Active Directory Users

If you click CMS users need to be associated with Active Directory users on the Active Directory Status screen, the Associate Ektron CMS400.NET Users with Active Directory Users screen appears (illustrated below). Use this screen to associate Ektron CMS400.NET users with AD users.

If a user with the same username exists in AD, that name and domain appear in the AD Username and AD Domain fields. If the user exists in more than one AD domain, select a domain from the pull-down list.

If there is no default and you know the AD user name to associate with an Ektron CMS400.NET user, enter that in the AD Username and AD Domain fields. If you do not know the AD username, click Search to find the user in AD.

If you decide to change the username in AD to match the Ektron CMS400.NET username, make the change in AD. Then, click Refresh () to update Ektron CMS400.NET and resolve the discrepancy.

Finally, if a user should not exist in Ektron CMS400.NET, click the Delete box.

After you complete the changes, click Save ().

Associating User Group Membership with Active Directory Membership

If you click CMS relationships need to be associated with Active Directory relationships on the Active Directory Status screen, the Associate Ektron CMS400.NET Relationships with Active Directory Relationships screen appears (illustrated below). Use this screen to coordinate Ektron CMS400.NET user group membership with AD user group membership.

The screen displays a user’s group membership that exists in Ektron CMS400.NET, but does not exist in AD.

See Also: Importing a User’s AD Group Information into Ektron CMS400.NET

After viewing the discrepancy, you have two choices:

To associate the user with the same user group in AD, go to AD and assign the user to the group. Then, return to this screen and click Refresh () to update user group information in Ektron CMS400.NET.

To remove the user’s group membership in Ektron CMS400.NET, check the Delete box and click Save ().

Associating CMS Groups with Active Directory Groups

If you click CMS groups need to be associated with Active Directory groups on the Active Directory Status screen, the Associate Ektron CMS400.NET User Groups with Active Directory Groups screen appears (illustrated below). Use this screen to associate Ektron CMS400.NET groups with AD groups.

If there is no default and you know the AD group name to associate with an Ektron CMS400.NET group, enter that in the AD Group Name and AD Domain fields. If you do not know the AD group name, click Search to find the group in AD.

Finally, if this group should not exist in Ektron CMS400.NET, click the box under the Delete column to delete the group.

After you make all necessary changes, click Save ().

The View Users Screen

The View Users screen (illustrated below) lists all users in Ektron CMS400.NET. To access the screen, click Settings > Users from the Ektron CMS400.NET Workarea. To view more information for a user, click that user to move to the View User Information screen.

The View User Information Screen

If you are using user authentication mode, Username and Domain can only be edited in AD. You can edit all other fields on this screen.

If you are using full AD Integration mode, Username, Domain, First Name, Last Name, and email Address can only be edited in AD. You can edit all other fields on this screen.

The screen also displays the following buttons.

Button

Description

Edit information on screen

Delete user. See Also: Deleting Users

Retrieve latest information from AD into Ektron CMS400.NET

See Also: Active Directory Integration

Note: This toolbar button does not appear if you are using user authentication mode.

Replace user. See Also: Active Directory Integration

Return to previous screen

The Search Active Directory for Users Screen

The View Users screen has a toolbar button () that lets you add AD users to Ektron CMS400.NET. When you click it, the Search Active Directory for Users screen appears.

Enter as many search criteria as you know to reduce the number of users that the search returns. For example, if you know the user’s last name is Jackson and he is in the planets domain, enter those criteria to get fewer results.

When the Active Directory Users screen appears, check the box next to users you want to add to Ektron CMS400.NET. Then, click Save ().

The View User Groups Screen

The View User Groups Screen displays all AD user groups that have been imported to Ektron CMS400.NET. (See Importing AD User Groups to Ektron CMS400.NET)

To access the screen, click Settings > User groups from the Ektron CMS400.NET Workarea.

To view more information for a group, click it and you move to the View Users in Group screen. That screen provides a toolbar button () that lets you add AD groups to Ektron CMS400.NET. When you click the button, the Search Active Directory for Groups screen appears.

View Users in Group Screen

The View Users in Group Screen displays, for each user in the group

username and domain

first and last name

language

The screen also displays these buttons.

Button

Description

Replace group. See Also: Replacing a User Group

Return to previous screen

The Search Active Directory for Groups Screen

Use this screen to add AD groups to Ektron CMS400.NET. Enter as many search criteria as you know to reduce the number of groups that the search returns.

Note: You can only select AD groups that do not exist in Ektron CMS400.NET. Also, the Active Directory Setup screen can restrict AD integration to one domain. If it does, you can only search for groups in that domain.

For example, if you know that a group begins with "S" and is in the planets domain, enter those criteria to get fewer results. After you click Search, a new screen lists all AD groups that satisfy the search criteria. Click the box next to groups you want to create in Ektron CMS400.NET. Then, click Save () to import their information.

Managing Users and Groups in Active Directory Integration Mode

Active Directory Integration strives to maintain consistent user and user group information between AD and Ektron CMS400.NET. This section describes how to work with users and user groups in Active Directory Integration Mode.

Initial Import of AD User Information

Importing AD User Group Information to Ektron CMS400.NET

Importing AD User Information to Ektron CMS400.NET

This section explains the import of AD user information when integration is first enabled and on an ongoing basis. This section covers the following topics.

Initial Import of AD User Information

Ongoing Import of User Information

Manually Adding AD Users to Ektron CMS400.NET

Editing User Information in Ektron CMS400.NET

Deleting Users

Active Directory Integration

Initial Import of AD User Information

This section explains how AD user information is imported to Ektron CMS400.NET. The subtopics describe how this is handled under these circumstances.

The Ektron CMS400.NET database has already been populated with users - see Ektron CMS400.NET Database Already Completed

The Ektron CMS400.NET database has not yet been populated with users - see Only a Few Users in Ektron CMS400.NET Database

Ektron CMS400.NET Database Already Completed

If Enable automatic addition of user from AD is checked on the Active Directory Setup screen, user information is imported from AD to Ektron CMS400.NET when that user logs in or is added to Ektron CMS400.NET. See Also: The Active Directory Setup Screen

At that time, AD information overwrites all Ektron CMS400.NET information. To learn how information is updated from then on, see Active Directory Integration.

If two or more AD users have the same Ektron CMS400.NET user logon name but different domains (for example, JDoe in Eng.Example.com and JDoe in Mkt.Example.com) and that username (JDoe) also exists in Ektron CMS400.NET, the Active Directory Setup and Active Directory Status screens indicate this discrepancy via this message:

CMS users need to be associated with Active Directory users.

Click the message to proceed to the Associate Ektron CMS400.NET Users to Active Directory Users screen. From there, you can link an AD user to the Ektron CMS400.NET user. See Also: Associating Ektron CMS400.NET Users with Active Directory Users

Only a Few Users in Ektron CMS400.NET Database

Go to the Search Active Directory for Users screen and select AD users that will use Ektron CMS400.NET. When you add a user, his AD information is imported to Ektron CMS400.NET.

See Also: The Search Active Directory for Users Screen

Note: You can only select AD users that do not exist in Ektron CMS400.NET. Also, the Active Directory Setup screen can restrict AD integration to one domain. If it does, you can only search for users in that domain.

Ongoing Import of User Information

AD user information is imported to Ektron CMS400.NET when either of these events occurs:

the user logs in

someone clicks Refresh () on the user’s View User Information screen

See Also: The View User Information Screen

Manually Adding AD Users to Ektron CMS400.NET

Before using AD integration, add to Ektron CMS400.NET all AD users that will use your Web site. This can be done automatically, as explained Initial Import of AD User Information.

If you want to manually add an AD user to Ektron CMS400.NET, follow these steps.

1. From the Workarea, click Settings > Users.

2. Click Add Users ().

3. The Active Directory Users screen appears.

4. From the Domain pull-down list, select the domain from which you want to add a user.

5. Enter as much information as you know into the other fields.

6. Click Search.

7. A screen displays all users that satisfy the search criteria.

8. Check the box next to each user you want to add.

9. Click Save ().

Editing User Information in Ektron CMS400.NET

Because Ektron CMS400.NET does not write to AD, you can only change some fields on the Edit User screen. You must edit the read-only fields from AD.

Deleting Users

If a user is deleted in AD, Ektron CMS400.NET does not delete him. However, his login fails because he cannot be authenticated.

The user remains in Ektron CMS400.NET. You can delete the user from Ektron CMS400.NET using the Delete User function. See Also: Deleting a User

Note: If you mistakenly delete all users with administrative privileges, you can still sign in using the builtin user’s username and password. For more information, see BuiltIn User.

Replacing a User

If you associate the wrong AD user with an Ektron CMS400.NET user, you can replace the user. If you do, all Ektron CMS400.NET privileges and workflow responsibilities transfer from the old to the new user.

Follow these steps to associate an Ektron CMS400.NET user with a new AD user.

1. From the Workarea, click Settings > Users.

2. Click the user you want to replace.

3. Click Associate CMS User with Different AD User ().

4. Select a user to replace the user you selected in Step 2.

5. Click Save ().

When you complete this procedure, the first user is deleted from Ektron CMS400.NET.

Importing AD User Group Information to Ektron CMS400.NET

This section explains how a user’s group membership is imported from AD to Ektron CMS400.NET after integration is enabled. Once assigned to a group, the user automatically receives all Ektron CMS400.NET privileges and workflow responsibilities associated with it.

Note: Active Directory has two kinds of user groups: security and distribution. Ektron CMS400.NET does not distinguish between them – as long as a user is a member of either kind of group, group information can be imported to Ektron CMS400.NET.

This section explains the following topics.

Importing AD User Groups to Ektron CMS400.NET

Importing a User’s AD Group Information into Ektron CMS400.NET

Active Directory Integration

Resolving Discrepancies between Groups

Removing Users from a Group

Adding User Groups

Adding a User to a Group

Replacing a User Group

Deleting a User Group

Importing AD User Groups to Ektron CMS400.NET

Before using AD integration, import all AD groups you will use into Ektron CMS400.NET. To do that, follow these steps.

1. From the Ektron CMS400.NETWorkarea, choose Settings > User Groups.

2. Click Add Groups ().

3. The Search Active Directory for Groups screen appears.

4. From the Domain drop-down list, select the domain of the user group you want to add.

Note: The Active Directory Setup screen can restrict AD integration to one domain. If it does, you can only search within that domain.

5. Enter as much information as you know into the Active Directory Group field.

6. Click Search.

7. A screen displays all groups that satisfy the search criteria.

8. Check the box to the left of each group you want to import to Ektron CMS400.NET.

9. Click Save ().

Importing a User’s AD Group Information into Ektron CMS400.NET

This section explains how users' membership in AD Groups is imported to Ektron CMS400.NET. The three subtopics describe how this process is handled under these circumstances.

Initially, if one or more Ektron CMS400.NET user groups have been created - see Ektron CMS400.NET User Groups Already Set up

Initially, if only default Ektron CMS400.NET user groups exist - see Only Default User Groups Exist

On an ongoing basis - see After AD Integration is Enabled

Ektron CMS400.NET User Groups Already Set up

If Enable automatic addition of user to groups is checked on the Active Directory Setup screen, a user’s group membership is imported from AD to Ektron CMS400.NET when a user first logs in or is added. At this time, any AD group memberships overwrite Ektron CMS400.NET group memberships except the Everyone group, to which all users belong.

Note: The Everyone group, unlike other Ektron CMS400.NET groups, is not associated with an AD group. It is an all-encompassing group with no special permissions.

If a user belongs to an AD user group that does not exist in Ektron CMS400.NET, nothing happens. The AD Integration feature assumes that not all AD groups are meaningful in Ektron CMS400.NET.

If a user belongs to an Ektron CMS400.NET user group that does not exist in AD, the discrepancy is flagged on the Active Directory Setup and Active Directory Status screens. From these screens, you can import AD group information into Ektron CMS400.NET.

See Also: Associating User Group Membership with Active Directory Membership and Associating CMS Groups with Active Directory Groups

To learn how membership is updated from then on, see After AD Integration is Enabled.

Only Default User Groups Exist

Follow the procedure described in Importing AD User Groups to Ektron CMS400.NETto import AD user groups to Ektron CMS400.NET. Then, as users in those groups are added to Ektron CMS400.NET, their group memberships are applied.

After AD Integration is Enabled

A user’s group memberships in Ektron CMS400.NET are updated when all of the following are true:

The Enable automatic addition of user to groups field is checked on the Active Directory Setup screen

A user is added to Ektron CMS400.NET or his AD group membership changes

The user logs in or someone clicks Refresh () on the user’s View User Information screen

On the other hand, if Enable automatic addition of user to groups field is unchecked, you can add the user to groups and remove him from groups independently of his AD group memberships.

User Property AssociationMapping the Administrator Group

On the Active Directory Setup screen, you identify the AD user group that maps to the Ektron CMS400.NET Administrator group. Members of this group receive administrator privileges. See Also: List of Administrator Privileges

If such a group does not exist in AD, create it, then assign it on the Active Directory Setup screen.

Note that only one AD group can be mapped to the Ektron CMS400.NET Administrator group -- you cannot have an AD administrator group within each AD domain.

Note: Unlike other Ektron CMS400.NET user groups, whose names are imported from AD, the Ektron CMS400.NET Administrator and Everyone group names cannot be changed.

See Also: The Active Directory Setup Screen

Resolving Discrepancies between Groups

User Belongs to AD Group that Does Not Exist in Ektron CMS400.NET

If user is assigned to an AD user group that does not exist in Ektron CMS400.NET, nothing happens. The AD integration feature assumes that an Ektron CMS400.NET administrator only maintains user groups that are meaningful within Ektron CMS400.NET.

Note: If a user belongs to a user group that is given Membership permissions, but also to a group that has CMS permissions, the user only receives Membership permissions if logged into Ektron CMS400.NET.

User Belongs to Ektron CMS400.NET Group that Does Not Exist in AD

If a user was a member of an Ektron CMS400.NET user group before integration was enabled, but does not belong to that group in AD, this discrepancy is flagged on the Active Directory Setup and Active Directory Status screens.

If the user should belong to the AD group, add the group membership within AD. Then, refresh the user on the View User Information screen to import AD group information into Ektron CMS400.NET.

See Also: Associating CMS Groups with Active Directory Groups

Removing Users from a Group

If you delete a user from an AD group, the user is removed from the associated Ektron CMS400.NET group the next time his information is updated.

Adding User Groups

If AD integration is enabled, you can only add user groups in AD. Once that is done, log on to Ektron CMS400.NET and use the Search Active Directory for Groups screen to import the AD user group to Ektron CMS400.NET. This procedure is described in Importing AD User Groups to Ektron CMS400.NET.

Adding a User to a Group

You cannot add a user to a user group within Ektron CMS400.NET - you must do so in Active Directory.

Replacing a User Group

If you associated the wrong AD user group with an Ektron CMS400.NET user group, you can replace the user group. Follow these steps to do so.

1. From the Workarea, click Settings > User Groups.

2. Click the user group that you want to replace.

3. Click Associate Ektron CMS400.NET Group with Different AD Group ().

4. Select a group to replace the group you selected in Step 2.

5. Click Save ().

Deleting a User Group

Deleting a User Group in AD

If you delete a user group in AD and users are assigned to the group within Ektron CMS400.NET, the group is not deleted in Ektron CMS400.NET. However, any Ektron CMS400.NET users who were members of the group are no longer members the next time their Ektron CMS400.NET information is updated. The discrepancy is flagged on the Active Directory Setup and Active Directory Status screens.

Deleting a User Group in Ektron CMS400.NET

If you delete a user group in Ektron CMS400.NET and users are assigned to that group within AD, nothing happens. This is because AD Integration assumes that the Ektron CMS400.NET administrator only maintains user groups that are meaningful to Ektron CMS400.NET, and some AD groups are not meaningful to Ektron CMS400.NET.

Disabling  AD Integration

To disable AD authentication or integration, edit the Active Directory Setup screen and check Disable Active Directory and LDAP Authentication. See Also: The Active Directory Setup Screen

If you do this, and any users or groups have the same name with different domains, the following message appears.

Active Directory Authentication is disabled, but needs further configuration

For example, two users are named [email protected] and [email protected]. When AD was enabled, the domain names made the users unique. However, when you disable integration, domain names are dropped, so the names are now identical. You need to make the users unique.

If you click the message (above) on the Active Directory Setup screen, you move to the Active Directory Status screen. The following messages may appear.

Click the message to proceed to the Make Ektron CMS400.NET Users Unique screen (illustrated below).

This screen lists users whose user names are not unique and suggests a new, unique username. The new name consists of the user name, underscore, at sign (@), underscore, domain name. So, for example, [email protected] becomes JJackson_@_example.net.

The same is true for user groups. For example, there were two groups named Account Operators, one in the example.com domain, and the other in the saturn.example.com domain. In this case, the Make Ektron CMS400.NET Groups Unique screen would look like this.

Ektron recommends that you accept the suggested new names. Click Save () to do so.

One advantage of the suggested name format is that, if you later decide to re-enable AD integration, the software can automatically associate AD and Ektron CMS400.NET users or groups.


Visit the Ektron Dev Center at http://dev.ektron.com 1-866 - 4 - EKTRON

Ektron CMS400.NET Reference Version 8.02 SP1 Rev 1

Ektron Documentation,© 2011 Ektron, Inc.