Installation of Cayosoft Administrator server dedicated for Self Service operations

Overview

The dedicated server can be used to offload self-service operations to its own server. Self Service operations would not interfere with automated provisioning and delegated administration. Also, such a server can be placed to DMZ, and the Self Service application can be exposed to all users via the Internet, without the requirement for connection via VPN.

Prerequisites

1. Cayosoft Administrator must be installed on a member server, joined to the target domain - the domain that would be managed with Cayosoft Administrator.

2. The Cayosoft Administrator Service is configured to run as a Local System account.

3. A domain account is created, which is a member of the Domain Users group. This account would be used as an AD service account in Cayosoft Administrator.

Configuration

1. Remember the account, configured for the AD domain credentials in the Cayosoft Administrator Console, Active Directory extension settings:

2. Delegate required permissions in AD for the AD domain credentials account:

   • Run Active Directory Users and Computers as an account with administrative privileges.

   • Select the domain or OU where employee user accounts are located, right-click the node and select Delegate Control.

   • On the Users or Groups tab, select the account used for AD domain credentials.

   • On the Tasks to Delegate tab, select the Reset user password and force password change at next logon.

     

   • Complete the wizard.

   • Repeat the steps 2.2 - 2.4 for the same account, with different permissions:

     

     

      

     

3. Delegate access to Self-Service functionality to your employees in the Cayosoft Administrator Console:

   • Navigate to Home > Configuration > Roles > Web Administrators.

   • Click Add Delegation Rule.

   • Specify rule name.

   • Add trustees - users and\or groups from your domain.

   • Add trustees permissions as shown in the screenshot below.