Enterprise Search to find target objects across multiple forests

Content: 

Overview

There are situations when a company has several hybrid Active Directory / Office 365 environments to manage, each environment comprising an instance of Active Directory forest, Exchange on-premise organization, and an Office 365 tenant. In this situation, some groups of Help Desk or delegated administrators have a need to find and manage objects across all AD forests.

To help organizations manage multiple environments, Cayosoft Administrator introduced an Enterprise Search feature. You still need an instance of Cayosoft Administrator installed in each AD forest and configured to manage each individual hybrid environment. Then, you can dedicate a "Primary Administration Service" and configure its Enterprise Search web queries to search across all connected AD forests, and then open a Web Portal for Administrator installed in the target forest to manage the object from this forest.

To complete the Enterprise Search configuration, you should perform the following steps:

1. Install Cayosoft Administrator in each Active Directory forest and select one of them to be used as a Primary Administration Service. All other Administration Services would be considered as Secondary.
2. For each Active Directory forest, create trust with the forest where Primary Administration Service is installed.
3. Configure Global Search Admin Unit on all Secondary Administration Services.
4. Configure Enterprise Seach web queries on the Primary Administration Service.
5. Enable Enterprise Search in Admin Console: Home > Configuration > Web Portal > Web Portal Settings.  

Installing Cayosoft Administrator in all target Active Directory forests 

Cayosoft Administrator should be installed in each Active Directory forest which objects you would like to search. Such installations would be referred to as Secondary Administration Services. Primary Administration Service is the one you configure for Enterprise Search across all connected forests. 

Creating trusts 

All target Active Directory forests must have a trust with the Active Directory forest where Primary Administration Service is installed. When these trusts are created, each target forest should appear in the Managed Domains table in Active Directory settings for the Primary Administration Service. Because Primary Administration Service establishes a connection to each forest separately, it requires valid credentials and the Global Catalog server to be specified for each connected forest.

Configuring Global Admin Unit in each target forest

Your connected forests might consist of multiple domains. A Global Administrative Unit should be configured on Secondary Administration Service as a landing page, where a user would be redirected from the Enterprise Search results grid.

Global Administrative Units allow a delegated admin to perform administrative tasks on objects, without knowing which of his delegated Administrative Units he needs to browse.

For details on how to configure the Global Admin Unit please see this article: Global Virtual Admin Unit for Global Search – Cayosoft Help Center.

Enabling Enterprise Search

1. Run Administrator Console on the Primary Administration service 

2. Navigate to Home > Configuration > Web Portal > Web Portal Settings in Administrator Console

3.  In the Web Portal Customization section set Enable Enterprise Search to Yes

Configuring Enterprise Search web queries

When the Enterprise Search is enabled on the Primary Administration Service, you will see the Enterprise Search container in the Web Portal. This container has three web queries: AD Users (Enterprise), AD Groups (Enterprise), and AD Computers (Enterprise). To search objects across multiple forests these web queries should be configured with each target Active Directory forest and a Secondary Administration Service settings.

For each Enterprise Search web query for Primary Administration Service you should specify the following settings for Secondary Administration Services:

1. Active Directory forest name, credentials, and Global Catalog server name.
2. Secondary Web Portal URL.
3. The ID of the corresponding Global Catalog Web Query on the Secondary Administration Service to use for the redirect. To get the Web Query ID you should enable Design Mode and copy it from the Query tab > Rule Id.

For configuration details please see the corresponding web queries articles:

1. AD Users (Enterprise)
2. AD Groups (Enterprise)
3. AD Computers (Enterprise)

Managing objects found across multiple forests

In order for delegated administrators to use Enterprise Search in Web Portal, you should add a delegation rule with the Enterprise Search container in its scope.

Each Enterprise Search web query has a Manage web action that opens a new web browser frame and redirects it to the specified Web Query on the Secondary Administrator Web Portal. To be able to manage the found object, a delegated administrator should sign in to the Secondary Administrator Web Portal.