This section describes how to import configuration information (CT group information, CT information, user group information and user information) from the Active Directory Server and create a configuration information tree of Systemwalker Desktop Keeper.
Refer to "OS" in the User's Guide for details on the operating system on which Systemwalker Desktop Keeper can import configuration information from the Active Directory server.
Active Directory Server for importing configuration information is only one server (one domain). Even if a domain trust relationship has been set in Active Directory, the information cannot be imported, but only the data of server that directly links with Systemwalker Desktop Keeper is imported.
To import configuration information from Active Directory, the CT of Systemwalker Desktop Keeper must be installed on the client of link target. Also, the following information must be set in the Server Settings Tool:
System settings
Set the conditions when data link with Active Directory Server is performed.
Settings of Active Directory Linkage
Set the computer name and domain name of Active Directory Server.
Server information settings
Set the information of Master Management Server or Management Server.
According to use, the following are two types of methods for importing configuration information:
Using Server Settings Tool
When configuration information changes, import and update are performed by the system administrator.
Using Active Directory link commands
Register commands in task scheduler and perform import and update regularly.
Because the group will be created automatically under the domain group according to the organization information of the Active Directory Server, there is no need to create a CT group tree and user group tree in the Management Console.
However, a group can be created under the Local group even if Active Directory Linkage is performed. Because the Local group does not link with Active Directory, even if Active Directory Linkage is performed, the subordinate information of Local group will not be changed. The following content can be registered in the Local group:
CT which has not been registered in Active Directory.
User (the user that has been registered in Active Directory Server can also be registered.)
When importing configuration information from Active Directory Server, after deleting OU, user and computer from Active Directory, the correspondent group (CT group/user group) and user information in Systemwalker Desktop Keeper will be deleted unconditionally after the link, and the CT will be placed in the Local group under the Root directory.
In addition, after disabling the user account in Active Directory, the user information (user policy) in Systemwalker Desktop Keeper will be deleted when Active Directory Linkage is executed.
In a 3-layer system structure, when executing Active Directory Linkage on the Master Management Server, a link with Active Directory will be also executed on the Management Server.
Also, in a 3-layer system structure, the method of managing user policy for Active Directory Linkage is to collective management in the Master Management Server.
Use Server Settings Tool
The following describes the procedure of import using the Server Settings Tool.
If the user information imported from Active Directory Server contains the following information, the user information will not be imported.
When the string followed by @ in "User Logon Name (UserPrincipalName)" is zero length or 41 halfwidth (21 fullwidth) characters or more.
Select Execute Active Directory Linkage in the Set menu.
The confirmation window for executing the link is displayed.
[STSY-SEL014] Strat to communicate with Active Directory. Get from Active Directory user information, computer information,level composition information and update the database.. The process will take some time. Start to communicate? [Yes] [No]
If performing Active Directory, click the Yes button.
The information indicating that the data is being imported from Active Directory is displayed.
After the data is imported, the information indicating completed is displayed.
Click the OK button.
Start the Management Console immediately after configuration information has been imported, and the configuration information tree will be displayed as follows.
After registering the client (CT) displayed in Local group the Active Directory Server, the registered client (CT) will be moved to the group after Active Directory Linkage has been performed in Systemwalker Desktop Keeper.
In addition, when performing Active Directory Linkage and deleting the client (CT) managed in the domain group through the Management Console, select the client (CT) to be deleted in the window after Management Console is started (CT policy settings window) and perform Active Directory Linkage after setting to Not as Target to be Linked with Active Directory. As the client (CT) will be moved to the Local group, delete CT information manually.
When a new client (CT) is added, it will be displayed in the Local group first. After this client has been registered to the Active Directory Server, it will be moved to the group to which the client (CT) belongs from the Local group after the link with Active Directory is performed in Systemwalker Desktop Keeper.
As a user will be created automatically when importing configuration information from the Active Directory Server, user policy should be used as well.
After linking with Active Directory for the first time, set the value of terminal initial settings in user policy of the created user. User policy can be modified as needed.
After the second and later Active Directory Linkage has completed, set the group policy of correspondent user group (OU) in the user policy of newly added user.
The applied policy varies depending on whether logged in to local or to the linked domain from the client (CT). The login destination and applied policy in the client (CT) are described.
Operate in the following environment.
After Active Directory Linkage is performed, the Management Console of Systemwalker Desktop Keeper is displayed as follows.
When logging on to the domain specified in Active Directory Linkage
User policy of domain is applied.
In the above example, user A, B and E can operate according to the user policy of the following domains:
User A: Policy (1)
User B: Policy (1)
User E: Terminal initial settings
When logging on to the local computer (if users with the same name exist in Local)
The local user policy is applied.
In the above example, user A can operate according to user policy of terminal initial settings.
When logging in to the local computer (if no user with the same name exists in Local)
CT policy is applied.
In the above example, user B and E can operate according to CT policy.
When logging in to a domain that is not specified in Active Directory Linkage (if users with the same name exist in Local)
The local user policy is applied.
In the above example, when user A logs in to domain B, user A can operate according to user policy of terminal initial settings.
When logging in to a domain that is not specified in Active Directory Linkage (if users with the same name exist in Local)
CT policy is applied.
In the above example, when user B and E log in to domain B, they can operate according to CT policy.
Use Active Directory Link command
The following describes the procedure of importing using the Active Directory link command.
"List of Active Directory Link Organization Unit Targets" can be set before executing the command. Import after limiting the organizations as link targets. The list is stored in the specified location (no need to specify in the command option.).
For details of the Active Directory link command, refer to "DTKADCON.EXE (Active Directory Linkage)" in Reference Manual.
Logon to the Management Server with the user name that belongs to the Administrator or Domain Admins group of the local PC.
Start task scheduler and register the following content:
Active Directory link command
Timing (date, time frame etc.) for command execution
Specify the time frame in which the backup tool, restoration tool and backup command will not be started.
In addition, specify the time frame in which there are fewer users of the Management Console and Log Viewer.
Check whether task program is started normally.
After executing the command, the change of configuration information tree in the Management Console is the same as "Display Configuration Information Tree" of "Use Server Settings Tool".