Multi-scope support in Active Directory extension

Overview

Cayosoft introduces support for the multi-organizational-unit scope in the Active Directory (AD) Virtual Admin Units of Cayosoft Administrator. The feature allows to expand the scope of Virtual Admin Units and web queries to a list of organizational units (OU) to facilitate granular control. Consolidate the Virtual Admin Units and web queries to reduce clutter, improve visibility, and simplify reporting.

IMPORTANT: The cross-forest and cross-domain OU scopes are not supported.

Supported items

Refer to the following list of items that support a multi-OU scope:

• Active Directory (AD) Virtual Admin Units.

• All AD web queries.

• All AD object pickers featuring the Limit scope to this domain or OU setting including but not limited to the following:

  • AD Users

  • AD Groups

  • Discover groups

  • Organizational Units

IMPORTANT: You cannot define a unique multi-OU scope in AD web actions. You can set up AD web actions to inherit the multi-OU scope from a web query.

Preparations

Before you proceed, back up the databases to be able to roll back to the prior Cayosoft Administrator state. Refer to the following article for additional information on the DB backup: Backing up and handling Cayosoft Administrator databases .

Setup

A default AD Virtual Admin Unit features a waterfall scope setup:

• An AD Virtual Admin Unit is limited to a single scope. The action and picker scopes are limited to the same scope.

• The included web queries inherit the scope from the Admin Unit. The action and picker scopes are limited to the same scope.

• The object pickers and web actions inherit the web query scope.

The multi-scope feature helps establish a granular scope and combine multiple items in a single point of access. Refer to the following steps to set up a new multi-scope Virtual Admin Unit in your environment:

1. In the Cayosoft Administrator console, navigate to Home > Configuration > Web Portal > Virtual Admin Units. In the right pane, click New Virtual Admin Unit.

2. In the General settings window, specify a name, description, and list of web queries. Click Next to proceed.

   IMPORTANT: Only the AD-based Virtual Admin Units and web queries support the multi-scope feature. The Self-Service Admin Unit does not support the multi-scope feature.

3. In the Virtual Admin Unit settings window, review the Limit scope to this domain or OU setting. Select the Multiple scopes switch and list the target OUs separated by carriage returns or semicolons. Complete the setup by proceeding with the steps.

   

The items included in the Virtual Admin Unit reference the new scope by default. You can edit the child item scopes to ensure granular access in delegated administrators. Refer to the following steps to introduce changes to the scope of an existing web query:

1. In the Cayosoft Administrator console, navigate to Home > Configuration > Web Portal > Virtual Admin Units > target Admin Unit and select a web query.

2. Locate the Limit scope to this domain or OU setting. Select the Multiple scopes switch and list the target OUs separated by carriage returns or semicolons.

   IMPORTANT: The target OUs are not limited by the original scope; you can specify any OUs located in the Web Portal scope domain.

3. Save the changes to the web query.

   

Notes

• When creating new objects with no default OU setting preset, new objects are placed in the first OU in the Multi scope list.

• The cross-forest and cross-domain multi-OU scopes are not supported. When you add OUs from different forests and/or domains, an error is prompted.