View AD Users

Agent > View AD Users

• This page applies to the following products: On Premises, Kaseya Advanced, Kaseya Essentials, IT Center

The View AD Users page lists all Active Directory users discovered by LAN Watch when LAN Watch runs on a system hosting Active Directory. Using View AD Users:

• Agents can be automatically installed on each machine an Active Directory user logs onto.
• VSA users logons can be created based on Active Directory user logons.
• Portal Access logons can be created based on Active Directory user logons.
• Contact information can be extracted from Active Directory users and applied to the contact information for machine IDs.

Note: You must select a Detail View to see AD users listed on this page.

Switching From Summary View to Detail View

1. Select <All Groups> from the Select Machine Group drop-down to list all domain controllers that have run LAN Watch for all machine groups you're authorized to access.
2. Identify the machine groups and subgroups listed in the Discovered By column.
3. Select one of the machine groups or subgroups in Step 2 above from the Select Machine Group drop-down list to display a details view of domain controllers that are members of that machine group.

Summary View

The summary view of the View AD Users page lists all domain controllers that ran LAN Watch for all machine groups you're authorized to access.

Discovered By

Lists the machine ID.group ID names of domain controllers that have performed a LAN Watch scan.

Users Found

Lists the number of users contained in Active Directory found on a domain controller that ran LAN Watch.

Assigned

Lists the number of Users Found whose contact information has been extracted from the Active Directory and assigned to a machine ID.

Details View

The details view of View AD Users displays a list of Active Directory users on domain controllers that ran LAN Watch within a specified machine group.

Installing Agents on Any Machine an AD User Logs Onto

You can associate an install package with an AD user. This installs an agent package on any machine a AD user logs onto, unless the agent is already installed. Even if the agent is subsequently removed from a machine, the agent will be re-installed the next time the AD user logs on. You can specify the agent package installed for each AD user.

Note: See Install Issues and Failures if an agent fails to install.

To associate an install package with an AD user:

1. Select AD users listed in the Logon Name column of the paging area.
2. Select an agent package from the Select an Agent Package to Install drop-down list.
3. Click Install Agent Policy.
4. Optionally click Update Agent Policies to copy a changed agent install package to the AD user's computer. The updated install package replaces the copy on the AD user's computer.
5. Select an AD user and click Cancel to un-associate an install package with an AD user.

Creating VSA Users Based on AD Users

Create VSA users based on AD users. VSA users created using this method log onto the VSA using their AD domain, user name, and password. This means users only have to maintain credentials in a single location, the Active Directory.

Note: If a VSA user logon is based on an AD user, the VSA user's username and password cannot be changed within the VSA, only in Active Directory. Once usernames and passwords are changed in Active Directory LAN Watch must scan the AD machine again to update the VSA. Ideally LAN Watch should be run periodically on the Active Directory machine to keep VSA logons updated with the latest changes to AD logons.

Note: An AD user can only be associated with either a VSA user logon or a machine user logon but not both.

To create a new VSA user based on an AD user:

1. Select an AD users listed in the Logon Name column of the paging area.
2. Select a user role from the Select User Role drop-down list.
3. Select a scope from the Select Scope drop-down list.
4. Click Create User.

You can confirm the creation of the new VSA user using System > Users. VSA user names based on AD users are formatted as follows: <domainname>|<username>.

Creating Portal Access Logons Based on AD Users

Create Portal Access logons based on an AD users. VSA users created using this method can log onto the VSA Portal Access menu using their AD domain, user name, and password. This means credentials only have to be maintained in a single location, the Active Directory.

Note: If a Portal Access logon is based on an AD user logon, the Portal Access username and password cannot be changed within the VSA, only in Active Directory. Once usernames and passwords are changed in Active Directory LAN Watch must scan the AD machine again to update the VSA. Ideally LAN Watch should be run periodically on the Active Directory machine to keep Portal Access logons updated with the latest changes to AD logons.

Note: An AD user can only be associated with either a VSA user logon or a Portal Access machine but not both.

To create a new Portal Access logon based on an AD user:

1. Click the unassigned link for an AD user listed in the Assigned To column of the paging area.
2. Select a machine ID.group ID account in the popup window. The popup window closes.
3. Select the checkbox for this same AD user in the left most column.
4. Click Create Machine Logon.

You can confirm the creation of the new VSA user using Agent > Portal Access.

Creating Staff Members Based on AD Users

Create staff member records based on AD users. If AD user information is changed, then the VSA updates the corresponding staff member record with the AD user information. This means user information only has to be maintained in one place, the Active Directory.

Note: If a VSA staff record is based on an AD user, the VSA staff record cannot be changed within the VSA, only in Active Directory. Once user information is changed in Active Directory LAN Watch must scan the AD machine again to update the VSA. Ideally LAN Watch should be run periodically on the Active Directory machine to keep staff member records in the VSA updated with the latest changes in Active Directory.

To create new VSA Portal Access logon based on an AD user:

1. Select a department from the Select Department drop-down list.
2. Select the checkbox for an AD user in the left most column.
3. Click Create Staff Member.

You can confirm the creation of the new VSA user using System > Manage.

Updating Contact Information for Machine IDs based on AD Users

If a machine ID is assigned to an AD user, then the VSA updates its own contact information for that machine ID with the latest contact information for that user in the Active Directory each time the user logs onto the machine ID. This enables users to update contact information once in the Active Directory and know the contact information for machine IDs in the VSA will be updated automatically.

Note: If a contact information is based on an AD user, the VSA staff record cannot be changed within the VSA, only in Active Directory. Once contact information is changed in Active Directory LAN Watch must scan the AD machine again to update the VSA. Ideally LAN Watch should be run periodically on the Active Directory machine to keep contact information in the VSA updated with the latest changes in Active Directory.

To assign an AD user to a machine ID:

1. Click the unassigned link for an Active Directory user listed in the Canonical Name column of the paging area.
2. Select a machine ID.group ID account in the popup window. The popup window closes.

Converting Your Existing VSA Logon to use your Domain Logon

You can convert your own VSA logon to use your domain logon as follows:

1. Open the System > Change Logon page in the VSA.
2. Enter your  current VSA password in the Old Password field.
3. Enter you domain and domain logon name, formatted all in lowercase using the format domain/username, in the Username field.
4. Enter your domain password in the New Password / Confirm Password fields.

This enables you to logon to the VSA using your domain logon and have your VSA logon name and password managed using Active Directory. At the same time, you can continue to use all your previous VSA share rights, procedures and other user settings.

Note: If a VSA user logon is based on an AD user, the VSA user's username and password cannot be changed within the VSA, only in Active Directory. Once usernames and passwords are changed in Active Directory LAN Watch must scan the AD machine again to update the VSA. Ideally LAN Watch should be run periodically on the Active Directory machine to keep VSA logons updated with the latest changes to AD logons.

Topic 3729: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.