Resolution
goal
How do I configure an ActiveView so that Assistant Admins are able to add any user in the domain to any group in a particular Organizational Unit?
fact
Directory and Resource Administrator 6.x
fact
Directory and Resource Administrator 7.x
fix
How do I configure an ActiveView so that Assistant Admins are able to add any user in the domain to any group in a particular Organizational Unit?
fact
Directory and Resource Administrator 6.x
fact
Directory and Resource Administrator 7.x
fix
Please refer to the following list of desired results:
- Allow Admin to be able to manage properties of all User accounts in the Houston Organizational Unit.
- Allow Admin to be able to manage group membership of all groups in the Houston Organizational Unit.
- Allow Admin to add users from any Organizational Unit in the domain to groups in the Houston Organizational Unit.
- Do not allow the Admin to modify any other properties of a User account that is not in the Houston Organizational Unit.
In order to allow the Admin to perform the above mentioned functions the ActiveView must be configured with the following Include Rules:
- Include all users in the Houston Organizational Unit.
- Include all groups in the Houston Organizational Unit.
- Include all users in domain domain_name but only allow users to be added to groups or moved to OUs exception checked.
If the ActiveView is configured with the three 'Include' rules mentioned above and the Admin has been granted the necessary powers to add users to groups, they will be able to add all users in the domain to any group in the Houston OU. However, the Admin will not be able to modify properties of any user account in the domain other than the users in the Houston OU.
Additional Information
Formerly known as NETIQKB26863