The dedicated server can be used to offload self-service operations to its own server. Self Service operations would not interfere with automated provisioning and delegated administration. Also, such a server can be placed to DMZ, and the Self Service application can be exposed to all users via the Internet, without the requirement for connection via VPN.
Cayosoft Administrator should be installed on a member server, joined to the target domain - the domain that would be managed with Cayosoft Administrator.
"Cayo Software Admin Service" service is configured to run as a Local System account.
A domain account is created, which is a member of the Domain Users group. This account would be used as an AD service account in Cayosoft Administrator.
- Remember the account, configured for the AD domain credentials in Cayosoft Administrator Console, Active Directory Extension settings:
- Delegate required permissions in AD for the "AD domain credentials" account:
2.1 Run Active Directory Users and Computers as an account with administrative privileges
2.2 Select domain or OU where employee user accounts are located, right-click the node and select Delegate Control
2.3 On the Users or Groups tab, select the account used for "AD domain credentials"
2.4 On the Tasks to Delegate tab, select Reset user password and force password change at next logon
2.5 Complete the wizard
2.6 Repeat the steps 2.2 - 2.4 for the same account, with different permissions:
- Delegate access to Self-Service functionality to your employees in Cayosoft Administrator Console:
3.1 Go to Roles and select Web Administrators role
3.2 Click Add Delegation Rule
3.3 Specify rule name
3.4 Add trustees - users and\or groups from your domain
3.5 Add trustees permissions as shown on the screenshot below