ADManager Plus Session 1 - Effective AD management and reporting.

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone very good afternoon thank you very much for joining today's session my name is Vivian Safian and I am the pre-sales consultant for the ad solutions team here at manage engine now as a pre sales consultant I do take care of implementations of the Active Directory suite of products for various organizations located all over the world all right so now we here at manage engine especially the Active Directory solutions team came up with this idea of inviting all our evaluators together into one text session and then give them an insight about the application so they understand the capabilities of ad manager plus so that's the idea behind this session here to bring together all our evaluators and then have a text session so that if you have any questions you can just shoot out the questions to us and then we'd be more than happy to explain the questions I mean answer the queries or explain a specific feature if you are interested all right now talking about the topics and the sessions here so the entire session is split into two day one and day two 30 to 45 minutes now day 1 I will be covering a certain set of features and day to another set of features so that you understand the features of the applications even better you get to know an overview something much more than an overview about the application all right so it's day 1 and day 2 so day 2 is going to be on Friday same time so you'd have a session and if you're not able to attend the session for some reason or the other we have the session recorded and we'd be more than happy to share the youtube link with you all right so topics for day 1 now day 1 I'll be about Active Directory and office 365 management and reporting so it's going to be management and reporting so when I say management I am referring to object management within Active Directory so you might be administrators of your organization or you might be technicians so if you are part of the IT department so you have this basic responsibilities of managing objects within Active Directory now the whole point of introducing an application like ad manager plus to you is to overcome the complexity that we have with the native tools when I say native tools I am referring to tools like PowerShell we be your exchange management console Active Directory users and computers and link management console your office 365 admin Center and all that so instead of toggling between multiple windows or using complex methodologies you can do or you can achieve the same or even much more using ad manager Plus and I'm going to show you how to do that in a short while I am NOT trying to belittle PowerShell here PowerShell is a very powerful tool but the problem or the challenge that we have is partial is good at querying but partial is not good at formatting and that's when you need to have a tool like ad manager plus to retrieve information from attribute or e with just few mouse clicks instead of spending more time with the native tools all right so it's going to be all about object management and reporting so when I say reporting how do you get crucial information from Active Directory when I say crucial information for example how do you find out how many users are inactive in your Active Directory infrastructure and how do you find out who has access to a confidential folder in your windows infrastructure now that confidential folder might have business critical data or user critical data so how would you ensure that only the appropriate users have access to that data and even if you find that there are certain users who shouldn't be there on the list are there how would you perform a permission cleaner so we are going to discuss all that on day number one now day two next session we will be talking about different set of features namely delegation automation and workflow so when I say delegation so you are an administrator and you have ten technicians in your organization now if you want those ten technicians to perform an action in Active Directory the first thing you normally do is you elevate their permissions in Active Directory now wouldn't it be much more effective and secure if there is an alternative an alternative in the sense if you have an option to delegate certain tasks to your technicians and give them access to a console they log into the console and they perform the exact actions that you want and with all the restrictions in place but at the same time you are not going to elevate the users permission in Active Directory in any way wouldn't that be nice that's something that we will be discussing on day two when we talk about delegation and we will be diving in into its details when we discuss about delegation now automation is all about you tell the application to do something in Active Directory on a specific date and time the application does it for you for instance the HR gives you a list of user accounts to be created and what you do is you tell the automation to create five user accounts three of them belonging to the IT department and one for the marketing team and the other one for the finance team all right so you tell the application to create five accounts next Tuesday at 10:00 a.m. and the application does it for you not only that you tell the application to find out the users who are inactive in your Active Directory infrastructure disable the accounts move them to a different or you remove them from all security groups for security reasons and then delete the accounts from Active Directory after 90 days if you'd like to automate the process yes you can do that as well talking about workflow so Active Directory workflow is something like a request and approved methodology let me give you an example here so instead of the HR writing out the names of the user in a spreadsheet and then sharing the spreadsheet with you for account creation you give the HR access to a tool like ad manager plus so they raise a request for account creation and that request gets forwarded to the next level for approval and you have multi-level approval workflow here which means if there is going to be an IT technician so the IT technician will be the first level of approval and then maybe the line manager are and the third level of approval can be an IT administrator and if you think that these three levels of approval are not required I'm ok with one level of approval yes you have an option to customize the workflow as well so we'll be discussing about all this on day 2 but for now as I said we will be focusing more on management and reporting alright so let's get started here let me log in now if you have the tool installed in your laptop I are on of your service you can access it and some of you who might not have installed the application all you need to do is just go to ad manager plus com that's the site if and you have the download link right here and you have all the resources related to the document online itself so you just go to the resources and you download the documents we have case studies your use cases and if you'd like to get to know more about our customer base you have it right here ok so ad manager plus com is the name of the website ok now after installing the application you log into the application and you're all set to manage your Active Directory infrastructure all right now as soon as I log in to ad manager plus the first thing that I would see is I would find three graphs here so three graphs our domain so if you have configured multiple domains let me to quickly take you to the domain settings link right here so if I go to domain settings I have configured three domains for this installation which means from a centralized console I will be able to manage the objects of all these three domains all right so if I go back to the Home tab I would find three graphs for every domain that I have configured so in the first set of graph the first graph gives me the number of user accounts in my ad infrastructure how many of them are inactive disabled locked out and how many are password expired users I have the count right here so this is something like an all of you so you have the same overview for computers workstations and domain controllers and also for groups or use and GPS as well you would find the same set of graph for every domain that you have configured this is for the second domain and if you scroll down you have the graph for the third domain so this gives you an overview this is something that you do not have in your Active Directory users and computers if you log into Active Directory users and computers that's not going to give you an overview about the objects in your Active Directory domain whereas this page the home tab gives you an overview about your configured Active Directory domain alright now let me go to ad MGMT now we will be focusing on Active Directory management and reports for this session as I told you we will be talking more about delegation workflow and automation on data or arm session to okay now when I see Active Directory management I am referring to object management and when I say object I'm referring to users computers groups contacts and GPIOs apart from that I'd be able to manage for use and if you have Exchange Server installed in your organization and you are trying to manage mailboxes be it a normal user mailbox or a shared mailbox room or equipment mailbox you have a separate category for that as well okay and also we have a section dedicated for managing permissions I'm going to talk about this in a short while so please watch out for this section which is a file server management alright okay now let's start with a basic process here which is account provisioning so what I'm going to do now is I'm going to create an account an Active Directory user account so right now I'm in user management and I'm trying to create a user account in Active Directory now I go to create single user now I request you to notice something here okay now think of any object in Active Directory you would find it in this layer that's the speciality of this layout so you have all-in-one layout so if you have a look at the general tab you have all the basic attributes for your user accounts that includes first name last name there's pre Windows 2000 the logon name employee ID and the oh you in which the account is to be created and all that the account tab has the most important attribute of all which is member of the group membership of your user accounts if you want this user to be a member of five different security groups this is where you define it and if you want if you're creating an account for a contract employee and you want that account to expire at the end of 2017 this is where you define the account expiry time all right and some of you might be administrators of financial sectors and you do not want your users to be logging in after 8 p.m. so you can define the log on our restriction from here all right now talking about the contact all the contact related attributes like title department company and other stuff now these are the basic Active Directory attributes now apart from the basic Active Directory attributes you have something else you have exchange you have Terminal Services you have links type for business or custom attributes and even office 365 and Google Apps so you have option arming options here for everything so if you just go to the exchange tab and if you're going to create a mailbox for the account you just go to the radio button mail box enabled user now once the prerequisites are met the mail servers will be detected here and all you need to do is just choose the right mail server and the store the rest of the attributes will be Auto populated you just go ahead and create an account and if you'd like to enable remote mailbox very simple just go ahead and select the check box here and you enable remote mailbox for this account that you're going to create Terminal Services same link LCS OCS the same procedure so you just go to the link serve of Skype for business you choose the link server here and all the settings and you can even configure custom attribute using the application without extending your Active Directory schema that's the best part yet we're not going to touch the schema we are not going to make any permission changes to your Active Directory infrastructure but you still get things done that's how you do it so you can even configure custom attributes as well now if you feel that filling all these attributes one by one is going to be time consuming you'd like to get things done at much more quicker you have an option to copy an existing users attribute you just got a copy user attributes here so let's say this is your Active Directory infrastructure and you'd like to copy the attributes of a specific user account belonging to the same department as the account that you're going to create so you go to select attributes here and then you pick and choose the attributes that you're going to copy so what attributes are you going to copy in from the general category and what attributes from the account category so on and so forth so you select the attributes that you're going to copy and you hit OK and the minute you hit apply all the selected attributes will be copied to the layout so this saves you a lot of time if you already have an account and you'd like to copy the properties of the account as such for this new account this is how you do it all right now I was talking about office 365 and Google Apps account provisioning so 360-degree account provisioning so you normally create an ad account you can even enable exchange remote mailbox Skype for business office 365 and even Google Apps alright so in order to add the office 365 tab here or even the Google Apps tab all you need to do is a simple configuration and there you go to make the configuration it's right here in the admin tab you go to the admin tab you have two links one for Google Apps and the other one for office 365 you just go the office 365 link so Windows Azure module must be installed on the ad manager plus server for you to use office 365 and you do not have to search or Google for the Windows Azure ad module you have the link right here so you just click the link download the Windows Azure ad module and that's it so within a matter of minutes you'd be installing the windows azure module after which the only thing you need to do is provide a valid office 365 credential here and link it to any domain that you want and then hit save so after you done that if you now go back to the creation layout you would have office 365 here you will be able to create an account an office 365 account at the same time as you create an ad account here now this is just for creating one account now what if you have a requirement of creating accounts in bulk let's say five user accounts and all five of them belonging to different departments that's when we have something called as templates user creation templates you have it right here user creation templates and user modification templates now if you go to user creation templates I've already created sample templates here as you might notice I have created one template for the finance department and another template for the HR department and another one for marketing sales and IT so all these templates have different configurations now the layout of the template is pretty much the same layout as the one that you saw in the user creation layer so I'm just going to quickly create a template for you and I'll also be showing you the additional options that you can use to effectively provision user accounts in a tee and creating a template is going to be a one-time thing all right so you create a template and then you can use it every time you have a requirement for account creation so you go to create new template as you might notice the layout is the same but the only difference here is you will be able to define the attribute format here for instance if you want the logon name of the IT users to be something like first name dot last name at domain.com you hit the drop-down you look for the format the format is right here first name dot last name at domain.com and the example format is right here if the first name of the user is going to be John the last name is Smith so the format would look something like John Smith at domain.com and if you have a naming format that your organization follows this is where you go to create your own naming format so you can create a customized format specific for your organization and then once you successfully save the format that format would get listed here you can simply go ahead and use the format all right now this is something rated to the template now you you have the same copy user attributes right here so the same option that you have in the user creation layout is also in the layout of the template so if you already have an ID user account and you're creating a template for the IT department if you'd like to copy the users property as such but say most of the attributes not all but leaving out the unique attribute if you're going to copy all the general attributes you just go to copy user attributes and then copy them okay now you might be delegating this template to the HR delegating this template to the IT technician or even to another administrator now if that's the case the layout may not be the same for all the users now based on their job role or their responsibilities in the ad hierarchy so what you can do is you can customize this layout how do you customize this layout you have something called enable drag-and-drop so let's say you are going to delegate this template to an IT technician all right you don't want the IT technician to be filling values for exchange or remote mailbox so how do you get rid of those two options from the layout very simple you go to enable drag-and-drop and when I hit enable drag and drop you might have noticed that this layout becomes now customizable so which means if I do not want the exchange tab I just go to the exchange tab and I have something called delete tap delete' all right too now if I don't want the webpage attribute to be here in this layout I think this is not necessary for my organization I delete now before deleting I want you to notice something else here so you have two other options which is edit and make silently active now make silently actor would be very useful for you when you already configure a value for a field in this template and you save the template and you delegate this template to your technician but you'd like to make sure that the technician is not changing the value so this that's when you can use the make silently active option so if you make an attribute silently active the value will be passed to active directory but the technician or the person using this template will not be able to alter the attributes value that's what makes silently have to dust alright so if I'd like to delete this attribute from the layout you just hit delete it okay the attribute is gone now what if you have deleted an attribute by mistake and you'd like to bring it back to the layout so you have the field tray in the left hand side so any attribute that you delete will be placed in the field tray here and if you need to bring this back to the layout just drag and drop that's it you can even make that attribute mandatory without extending the schema all right so for instance I have employee ID here so you might notice that employee ID is in black font so which means employee ID is not a mandatory attribute in Active Directory but you don't want your helpdesk to skip employee ID right which means you need to make that a mandatory so the only way by which you can make it mandatory is by extending the schema but how would you do the same without extending the schema that's what the customisation allows you to do so all you need to do is just edit the attribute you have three options mandatory read-only and none you select the option mandatory it done that's it so now as you might have noticed we have an asterisk here a red asterisk sign here besides employee ID which means now we have made this attribute mandatory all right another option yet you have in the user creation templates is dealing with duplicate accounts if you are creating ten accounts you might have an account with the same name as that of an existing user in AD let's say you already created an account John Smith and two months down the line you create another user account with the same name so which means there has to be a way by which we deal with duplicate accounts this customization also allows you to deal with duplicates so how do you do it so you edit an attribute and if you have a look at the bottom off the pop-up window you have something called prevent duplication and a checkbox below that you can check for duplicates in the domain level or at the forest level depending on your requirement and we have three choices if a duplicate entry is found you can apply a different naming format something like if it's gonna be John Smith you can maybe apply a format like J Smith at domain.com or you can even create your own customized format here the second option is you can simply append numbers to the duplicate entry so if the first user is John Smith the second user would be John Smith - and if it's gonna be another duplicate entry it would be John Smith 3 or simply don't create user account so you would have an error message popping up in the user interface stating an account with the same name already exists that's what you have in the traditional Active Directory users and computers console alright so that's an overview about the user creation templates now after you have created a template let's say you have created a template for the IT department and you are going to create five accounts for the IT department so another thing that you would want adding to the template is a CSV file so the CSV file will have the name of the user accounts that you're going to create whereas the template will have the other configurations are the attribute values and formats that you want so if you bring these two things together you can create any number of user accounts in Active Directory with all the attributes that you have in mind so we're not talking about partial account creation here we are talking about 360 degree account creation that includes an ad account exchange account office 365 and mail and even Google Apps account and also Skype if if you use Skype at all alright so I was talking about the CSV file here so let me quickly show you a sample CSV file this is how a sample CSV file would look like so the first line is going to be the header and below which you can just go ahead and specify the first name and the last name of the user accounts this is a very basic CSV file you might notice something here so I have not used first name comma last name instead I have used something different which is given name comma s N and if you're wondering what's this given name and SN it's nothing but the LDAP format for the first name and the last name in Active Directory so if you are creating a CSV file please make sure that the header that you are using is an LDAP format all right and if you're wondering on where to go to get the exact LDAP mappings for an attribute in Active Directory we have it covered all you need to do is just go to the help document here if you just have a look at the top right corner you would have something called help besides the license link you just go to help and you go to CSV input because that's what we're trying to do you're trying to import a CSV file that has the name of the user that you're going to create because CSV import create users using CSV list of LDAP attributes supported now this document gives you the mapping of all the attributes for first name the LDAP is going to be given name and for the last name it's going to be SN and if you're trying to populate the full name the header that you should be using in the CSV is name or CN so you have mappings for pretty much all the attributes here you can use this as a reference document right now are you can just go with a very simple CSV file so you can add any attributes that you want to the CSV file so if you'd like to add description you just go ahead and add any attribute that you want please make sure that they are an intellect format that's the only requirement now after you have created a CSV file and a template let's say you're going to create two user accounts James Smith and Ronald Steve so James Smith is going to be a user for the IT department and the second user is going to be for the HR department so you have two different users are belonging to different departments which means you'll have to call two different templates so the only thing that you need to do is just specify a header template Lin and if you're going to specify the template name below which you specify the value of I mean the template name the actual value of the template so you actually map the user to the correct template now after creating a very simple CSV file all you need to do is just go to create users in bulk you have the second link right here and then you import the CSV file that you have created so if you have multiple templates within the CSV file all you need to do is just hit OK and the accounts will be created in Active Directory alright or if you are creating 10 user accounts belonging to the same Department all have the same configurations you can choose the template from here itself so you just go to change let's say template for the IT department accounts you hit OK and then import the CSV file without the template name in the header so you can do a lot more using the user creation layout and this that's what that was just for the creation part now when it comes to management management management can be split into three creation modification and deletion so we have just discussed creation here the next step is modification so when I say modification that branches down into mulberries active directory actions so you can reset the users password you can unlock the account modify the group attribute let's say you have a list of users that you are going to disable in Active Directory so they might have left your organization and as a policy as a security practice you are going to remove the users from all groups all right so if you are going to use the Active Directory users and computers in order to find out the exact group membership of the user account you might be you know that's often deceptive the reason is the Active Directory users and computers console gives you only the direct group membership of a user account alright so what if one of those groups are itray tably linked are in a nested manner linked to ten different admin groups the Active Directory users and computers console isn't going to tell you that the user is a part of ten different admin groups in a nested manner so if you are planning to remove the users from all the groups for security reasons soon after they have left the organization you simply go to group attributes and you have a checkbox right here which reads clear all group members but you'd like to still keep them as a member of one basic group let's say domain users or any other basic security group you set a group as primary and you can even add the user to the same group and this is where you import the spreadsheet or CSV file that you have and just hit go that's it I'm talking about bulk operations here alright so you're not going to use scripts you're not going to be toggling between multiple windows you're just gonna create a very simple CSV file something like this that just has a unique identifier of the user accounts and then import the same file here and within a matter of minutes minutes or even seconds you will be able to manage users and bulk right let's say you are going to move users from one oh you to another you can use the same process you just go to move users select the target container the destination and then import the CSV file hit go that's it and if you're trying to delete users just follow the same process import the CSV file just hit go and if you're trying to restore deleted user accounts in Active Directory the process is the same so import the CSV file hit restore all the user accounts will be restored in Active Directory and you'll have to notice one thing here if you are using enough I mean if your domain functional level is something equal to 2008 r2 or something about that you would be able to restore all the attributes related to a deleted object deleted user object alright okay so that's for modifying user accounts so some of you might be using exchange and if you are trying to migrate exchange from one server to another mailboxes from one server to another you have something called migrate mailbox right here alright so you just go to migrate mailbox specify the target exchange server and database both the same CSV file the farm the migration or complete the migration within a matter of minutes right and also sending mailbox rights which is very very important all right so if you're going to set permissions on let's say the mailboxes for 50 accounts you just go ahead and define the permissions right here it can be an allow origin I permission select a group or user and then select a permission here it can be delete mailbox read change full ownership or full mailbox access and then select the levels of access it can either be that object or sub objects or sub containers you select that and you hit add so you can do pretty much anything using the application when it comes to object management the same holds good for computer group and contact management as well so I'm going to be talking about all these other topics in detail but before that I'd like to cover some important reports all right now if you are trying to get information from Active Directory without using scripts then this is the application that you might have to try so you can just give it a try I'm going to discuss some basic reports here because we have close to 200 reports all categorized in the left-hand side so you have reports for users passwords groups talking about permissions who has access to what you have the NTFS report that gives you the answers for that question and you have reports for office 365 - so how many users are active how many users are inactive and among the active users what is their license details what is the subscription and all that talking about compliance yes we have reports for that as well so let me start with a basic report here and things that you can do using a very simple report so you have the all users report right so all users I have three domains I select a domain and I'd not like to get the list of users and in the entire organization I'm interested in a specific or you or let's say - or use for that matter so in order to query the users all the users belonging to a specific or you organizational unit I just got to add or use and then I select the or use that are required all right so I select the OU's I can even exclude child OU's from the search but for now I just hit OK and then I hit generate the minute I had generate the application contacts all you domain controllers and then here in ghost so it's now trying to retrieve objects from your Active Directory infrastructure all right sir now retrieves information so I'm just going to stop the report here for demo purposes now as you might have noticed we have close to 3,800 users right here now that you have the list of user accounts in your Active Directory infrastructure and if you wish to manage some of these user accounts all you need to do is just select the checkboxes of the user accounts that you'd like to manage and you have the management options right here you can delete the selected accounts disable them if you want you can move the selected accounts to another or you or if it's something else you have the more actions you go to more actions hit the drop-down you can reset their password and lock your account think about any management action that you want to perform you have it right here you have actions for exchange you can set their delivery limits and you can even modify their Terminal Services attribute as well so just by generating a report you can manage the objects so this is what we call us on the fly Active Directory management now isn't as much easier bad descripting and having to toggle between multiple windows for me yes this is definitely much more easier you can even export this report to any format that you want CSV PDF xlsx HTML or CSV de and if you do not have a time to log into the application and then generate the report you can even schedule this report you can even schedule multiple reports if you want and you can tell the application to email the report every Monday at 10 a.m. the application will do it for you and the most important feature that I wanted to discuss with you is gaining more insight on the user attributes how do you gain more insight you have something called add or remove columns so I want you to notice this layout here so this layout has close to eight attributes first name last name of the user accounts the department to which they belong their full name their display name employee ID the password expiry time and the distinguished name and other attributes if you'd like to add more attributes or remove certain attributes from this layout you go to add remove columns and then you have two columns here available attributes in Active Directory and the selected attributes that you see in the report if you just scroll down you have close to fifty attributes that you can just pick and choose and then add to the report so if you'd like to find out what's the company name or what's the city or what's the account status whether it's enabled or disabled or what's the account expiry time what's the manager attribute their email address are what's the asam account name or password status or password last set password expiry you can just go ahead and add any attribute to the report that includes the custom attribute as well employee ID and employee number and then hit OK so the view gets modified and you get to know all the information that you want this is just one report you have a lot more to explore so users with empty attributes so how would you find out whether there are any users with employee ID attribute empty you just gotta use us with empty attribute you select the attribute that you'd like to query and you'd like to know whether there are any users with no employee ID so you select employee ID right here hit save and then hit generate so the application is going to tell you whether there are any users in your Active Directory infrastructure with no employee ID and you can also do the same for these many attributes right here and how would you find out whether there are any users in your Active Directory infrastructure with the same attribute value for instance if let's take employee ID the same employee ID you don't want to users to have the same employee ID in your organization so if that's going to be your concern you just go to users with duplicate attributes select the attribute as employee ID right here employ and employee ID hit OK and if you had generate this result is going to give you the list of users who have duplicate employee IDs and its value so that you can just go ahead and modify from the report itself and talking about account report so if you'd like to find out if there are any disabled users any logged out users if there are any users whose account is expired yes you can do that now another interesting report is inactive users so if you'd like to find out whether there are any users in your Active Directory infrastructure who have not logged into your ad domain in the last 300 days or hundred days or 50 days you just go ahead and select the time period from here and then hit generate I in fact I want you to try this out right now rights please login to ad manager plus go to ad reports and and you have inactive users report right here select inactive users report any time period and then had generate so this report will tell you when did the user last login all right so and whether the account status is enabled or not now if you'd like to remove those users from Active Directory it's just a matter of selecting check boxes here and performing the management action so the the other options are the same so you can just go ahead and generate the report and see it for yourself all right now we have other interesting reports like password expired users or password unchanged users this is very important from a security standpoint if there are any users who have not changed their password since the account has been created you might want to find that and you might have to either if they are administrative accounts you might have to force a change password or even recently a password for security reasons so password unchanged uses Group reports now as I told you the Active Directory users and computers will only give you the direct group membership of a user account and not the nested group membership and when I say nested group membership for example a user can directly be a member of group a and B and group a if it is in turn linked to 10 different admin groups the active our users and computers console isn't going to tell you that the user is linked in a nested manner to ten different admin groups all right so whereas this report can give you the information detailed group members so you select a specific group and you just go ahead and find out the users within the group groups within the group computers and contacts within the group so I want you to try this report and then find it for yourself you would find something really amazing so this all this you get with just few mouse clicks that's the best part here now let's talk about ntfs report so let's say you have a confidential folder and you want that confidential folder to be accessed only by the administrators and no one else so you are not quite sure whether it is just the administrators or someone else who has access to that folder so what you do is you quickly go to NTFS reports and then you go to permission for folders right so and then you select the confidential folder here let's say confidential data is the name of that shape shared folder and it has 50 subfolders within it so you just select all the 50 subfolders and then you hit generate now the minute you hit generate it's going to give you the list of users who have access to that folder so I see that the administrators have access to the folder which is good I see that a user account has access but something that is to be noticed is I find that the everyone group has access to the confidential data which is not good now I'd like to make sure that only the administrators have access and I'd like to remove all the other entries how do I do that how do I perform a permission cleanup I go to ADM GMT and then I go to file server management I go to remove or modify NTFS permissions I select the same confidential folder here and now this is where I choose the administrator group so I select the administrator group it's right here the administrators and it's the group I hit ok but the job is not done right it's just half done so how would I remove the existing permissions and then set only the administrators very simple the second check box here does the job for you so if I select the second check box which reads remove all existing permissions and apply only the above ones only this palm we'll be set whereas the existing ones will be wiped out it can even be thousand users or two hundred groups having access to that selecting this checkbox is going to wipe out the entire function list and then set the administrators to the account that's it and you can define the level of permission that the administrator should have on the confidential shared folder it can just be a read or even write or delete whatever it is and if it has subfolders you can also decide the level of permission on the subfolders and it can be an a love or a denied permission all right so talking about office 365 you can find out how many users are inactive in your office 365 infrastructure why is it even important you very well know that office 365 is licensed based on the number of mailboxes so initially you purchased the licenses for three thousand mailboxes but three months down the line only 2500 users are active five hundred users have left the organization for some reason or the other already account is disabled and the next year when you renew the licenses you would still be paying for three thousand users so in order to avoid all that you need to have a clear understanding on the number of active users and the inactive users this report is going to give you the information that you're looking for in active users now once you have this information you'd like to remove the licenses from these inactive users in order to remove the licenses from the inactive users you quickly go to ad MGMT you have office 365 management right here and then you go to assign or remove licenses so you can assign or remove licenses from those active I mean inactive users and once you have removed the licenses from the inactive users you can use use that license to map it to the active users so a quick recap on today's session we discussed about Active Directory management and reports some of the features that are within the application you have a lotmore and we discuss something about the reports as well so we discussed about inactive users finding out the exact group membership of the account and who has access to what the NTFS report section so on and so forth now the next session which is on Friday we'll be discussing about the other features of the application now in the meanwhile if you have any questions pertaining to the application or if you need to if you need more explanation about a feature or you'd like to understand the functionality of the application as hold you need a proof of concept please shoot out an email to support at ad manager plus com we'd be more than happy to assist you we work 24 by 5 and you can always get in touch with us for any technical query or even it can be a query related to the pricing or other stuff as well alright so I see that I have some questions posted in the chat session I mean in the chat window I'll make sure to get back to you everyone as soon as the session is over so the recording of this session will be available to you and we are I will be able to share the link and you can use the same webinar link to join the session on Friday as well that is session 2 so thank you very much you all have a nice evening bye you

Info

Channel: ManageEngine ADSolutions

Views: 12,834

Rating: undefined out of 5

Keywords:

Id: tZv-zfdsQa0

Channel Id: undefined

Length: 52min 50sec (3170 seconds)

Published: Tue Sep 20 2016