Skip to Content
Information

This site will undergo a brief period of maintenance on Friday, 18 December at 12:30 AM Central/12:00 PM IST. During a 30 minute window, site availability may be intermittent.

Information
Unsupported content This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Super administrators synchronized with active directory

In this first example we will make the predefined super administrator group profile operable and populate it via Active Directory. For this task we have to execute the following steps:

Defining the super administrator group

Before starting this procedure make sure your directory server is properly configured in CM . You will find information about how to do so in the section dedicated to Managing-directory-servers.

This super administrator profile is an almost exact copy of the predefined admin administrator, with the only difference that it can be edited and modified. This new super administrator thus has full read and write access to all already existing objects as well as any objects that will be created in the BCM database .

  1. Log on to the console with a super administrator or the admin login.
  2. Then go to the Global Settings and the Administrator Groups node.
  3. Select the group called Super Administrators .
  4. Go to the Static Objects tab.
  5. Click the Edit > Add Object object_plus.png menu item.
    The Select Static Objects pop-up window appears.
  6. Select all Top Nodes in the left box.
  7. Click Add btn_add.png .
    The Properties pop-up window appears.
  8. Leave all selections as they are, that is Read, Write and Assign access Allowed and click OK .
  9. Click OK to confirm the selected static objects.
  10. Go to the Dynamic Objects tab.
  11. Click the Edit > Add Results of Query query_plus.png menu item.
    The Select Dynamic Objects pop-up window appears displaying queries that currently exist in the BCM database .
  12. Open the folder BMC Client Management database and select all the queries it contains.
    These queries ensure that the super administrator will be able to see all existing objects of any type as well as those that will be created in the future by any other administrator. 
  13. Click OK .
    The Properties pop-up window appears.
  14. Leave the Read, Write and Assign access as they are, that is Allowed , and modify the Direct Access Acknowledgement and Remote Control Acknowledgement access to Not Required .
  15. Click OK to confirm the access rights for the selected queries.

The administrator group, that is, the specific profile for this type of administrator is now defined and can be populated.

Populating the group via active directory

This super administrator profile is an almost exact copy of the predefined admin administrator, with the only difference that it can be edited and modified. This new super administrator thus has full read and write access to all already existing objects as well as any objects that will be created in the BCM database .

  1. Select the subnode Dynamic Population of the Super Administrators in the left window pane.
  2. Select the subnode Directory Server in the left window pane.
  3. Select Edit > Assign Server link.png
    The Select a Directory Server dialog box appears on the screen. The dialog box lists all available directory servers with their organizational units depending on the base object, that is, in this case it will only display all available user groups.
  4. Select an entry from the list.
    You can either select the directory server itself or one of its children.
  5. Click OK to confirm.
    The Properties dialog box appears on the screen. Here you can specify if all administrators are to be synchronized or you can synchronize with a specific user group by selecting it from the Users sub-node of the directory server.
  6. Select the respective option from the list.
  7. Click OK to confirm.
    A confirmation window appears.
  8. Click OK to synchronize now.
    The connection with the directory server is established and all members of the selected entry are added to your current group. The Directory Server Synchronisation window appears as a confirmation listing all objects that were added with their status which in this case will either be New Object or Error . If more than 3000 elements are synchronized this window will be replaced by a simple confirmation message.
  9. Click OK to close this window.

The name of your group will be changed to the name of the directory server entry followed by the full name of the server in dotted notation. In this case, if you synchronized it with an organizational unit called Relay Servers , our group will now were changed from Super Administrators to Relay Servers.Full.Directory.Name . If the selected group has subunits these will also be synchronized and added to the group as subunit.group.server name . The elements will be added to this group in a flat list ignoring any hierarchy they might were located in on the directory server.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Client Management 12.7