Adding Active Directory Accounts or Groups

  1. Go to Administration > Account Management > User Accounts.
  2. Click Add.

    The Step 1 User Information screen appears.

  3. Select Enable this account.
  4. Choose a previously configured role in the Select role drop-down.

    For details on creating user roles, see Custom Roles.

  5. Select Active Directory user or group.

    The OfficeScan server must be joined to the Active Directory domain in order to manage user accounts.

  6. Search for an account (user name or group) by specifying the user name and domain to which the account belongs.

    Use the character (*) to search for multiple accounts. If you do not specify the wildcard character, include the complete account name. OfficeScan will not return a result for incomplete account names or if the default group "Domain Users" is used.

  7. When OfficeScan finds a valid account, it displays the account name under User and Groups. Click the forward icon (>) to move the account under Selected Users and Groups.

    If you specify an Active Directory group, all members belonging to a group get the same role. If a particular account belongs to at least two groups and the role for both groups are different:

    • The permissions for both roles are merged. If a user configures a particular setting and there is a conflict between permissions for the setting, the higher permission applies.

    • All user roles display in the System Event logs. For example, "User John Doe logged on with the following roles: Administrator, Power User".

  8. Click Next.

    The Step 2 Agent Domain Control screen appears.

  9. Define the Agent Tree scope.
  10. Click Next.

    The Step 3 Define Agent Tree Menu screen appears.

  11. Click the Available Menu Items controls and then specify the permission for each available menu item.

    For a list of available menu items, see Agent Management Menu Items.

  12. Click Finish.
  13. Inform the user to log on to the web console using his or her domain account and password.