Dedicated server can be used to offload self-service operations to its own server. Self Service operations would not interfere with automated provisioning and delegated administration. Also, such server can be placed to DMZ, and the Self Service application can be exposed to all users via Internet, without requirement for connection via VPN.
Cayosoft Administrator should be installed on a member server, joined to the target domain - domain that would be managed with Cayosoft Administrator.
"Cayo Software Admin Service" service is configured to run as a Local System account.
A domain account is created, which is a member of Domain Users group. This account would be used as AD service account in Cayosoft Administrator.
- Remember the account, configured for the AD domain credentials in Cayosoft Administrator Console, Configuration > Configure Active Directory:
- Delegate required permissions in AD for the "AD domain credentials" account:
2.1 Run Active Directory Users and Computers as an account with administrative privileges
2.2 Select domain or OU where employee user accounts are located, right click the node and select Delegate Control
2.3 On the Users or Groups tab, select the account used for "AD domain credentials"
2.4 On the Tasks to Delegate tab, select Reset user password and force password change at next logon
2.5 Complete the wizard
2.6 Repeat the steps 2.2 - 2.4 for the same account, with different permissions:
- Delegate access to Self-Service functionality to your employees in Cayosoft Administrator Console:
3.1 Go to Configuration -> Roles and select Web Administrators role
3.2 Click Add Delegation Rule
3.3 Specify rule name
3.4 Add trustees - users and\or groups from your domain
3.5 Add trustees permissions as shown on screenshot below