Manage Super Administrator Task Collections

(2.1)   eControl 3 Administration Guide  >  Configure the "Manage" Module  >  Manage Super Administrator Task Collections

Within most eControl deployments, it is recommended to assign super administrator task ability to manage user accounts, groups and email accounts for all Directory service(s) being managed using eControl.  In addition, it is recommended to assign one or more directory administrator ability to manage user accounts, groups and email accounts for each Directory service being managed by eControl. Those administrator accounts can manage wihtin the specified Directory but cannot managed other Directories in the network. In our demonstration environment we want to create:

• eControl Admins - provides designated administrators full tasks to all Directory and email systems.
• eControl AD Admins - provides designated administrators full tasks to all eDirectory and GroupWise systems.

• Super Administrator All Systems Task Collection
• Super Administrator eDirectory Task Collection
  • Create an eDirectory Group and Add a Super Admin User Account
  • Create an eDirectory All Tasks Role and Task Collection
  • Assign the eDirectory All Tasks Role and Task Collection
• Super Administrator Active Directory Collection
  • Create an eDirectory Group and Add the User Account
  • Create an Active Directory All Tasks Role and Task Collection
  • Assign the Active Directory All Tasks Role and Task Collection

Super Administrator All Systems Task Collection

In "Preparing Your Network for eControl" we completed the tesks necessary for this role and task collection which included:

• Created the eControl-Admins eDirectory Group
• Create an eDirectory "All Tasks" role and task collection
• Assign the eDirectroy "All Tasks" role and task collection to the eControl-Admins group and define the search context

All that now is required is to add the Acme5 user to the eControl-Admins group using ConsoleOne, iManager, or eControl.

Super Administrator Active Directory Collection

To create and assign a super administrator task collection for Active Directory:

Create an eDirectory Group and Add the User Account

1. Using Microsoft Management Console (MMC), create an "eControl" container near the top of the domain structure, e.g. ou=eControl.o=ACME.
2. Create a super user account (you do not need to assign supervisor rights to this account), e.g. cn=acme-ad5.o=ACME.
3. Create an eControl Tree Admin Group and make the super user account a member of that group, e.g. cn=eControl-Domain-Admins.ou=eControl.o=ACME.

Create an Active Directory All Tasks Role and Task Collection

1. In the eControl Administrator panel > Manage page, click "Manage Task Collections".
2. In the "Manage Task Collections" window click the Add button.
3. In the "Add Role" window specify an applicable role name, e.g. AD - All Tasks (Note - this role will be reused several times).. Click the __Add_ button.
   
   
    
4. In the "Manage Task Collections" window, click on the new role that was just created in the "Systems and Tasks" pane. This will open to show "Active Directory" and "eDirectory" containers.
5. Click the "Active Directory" container to show a list of tasks. Highlight the "Account Status" task and the rights for this task will appear in the "Rights pane". (Note - when a new role is created, Directory containers for all supported Directory types are added and all rights are unchecked.
   
   
    
6. Highlight each task and check the desired rights to be assigned to that task. This will comprise the task collection (a set of tasks and rights assigned to a role).
   
   
    
7. When all tasks and rights are selected, click the Save button to save the new role and task collection.

Assign the Active Directory All Tasks Role and Task Collection

1. In the "Groups" pane on the "Manage" page under the "Administration" panel, click the Add button.
2. Select the desired Active Directory domain for the System Name.
3. Click the "Group Context", browse the Active Directory domain and select the eControl domain admin group.
4. Select the AD - All Tasks task collection from the drop-down list.
   
   
   
   Click the Add button.
5. In the "Groups" pane, double-click the Active Directory domain admin group.
   
   
    
6. In the "Group Information" window under the "Search Contexts" section, click the Add button.
7. In the "Add Search Context" window, select the Active Directory domain as the System Name, click the "Path" browse button and select the "OU" container to manage, e.g. OU=ACME,DC=Omni2003,DC=local.
   
   
   
   Click the Add button.
    
8. In the "Group Information" window the new search context will appear in the "Search Contexts" list.
   
   
   
   Click the Save button.
    
9. In the "Manage" page click the Apply New Settings button to save the new assignment. (Note - it is import to do this step otherwise your work will be lost if you navigate away from the "Manage" page.)