|
|
|
|
Directory Services |
Directory Services (KDS) manages the following types of activities.
|
Domain Discovery and Synchronization |
KDS uses a probe agent on a domain computer to communicate with an Active Directory domain. Once connected, the probe "harvests" domain data back to the Kaseya Server and synchronizes the domain with a designated organization in the VSA. Changes in the domain are synchronized with KDS on a scheduled basis and do not require a VSA agent on the AD domain controller. KDS uses the industry standard LDAP protocol to safely and securely communicate with Active Directory domains. |
Synchronization of Security Models |
One of the benefits of synchronizing the VSA with the domain is that the domain hierarchy of folders and items—domains, organizational units/containers, computers, groups, users, and contacts—is automatically "harvested" to create and maintain a similar security model in the VSA—organizations, machine groups, machines, users, scopes, roles, and staff. Service providers are freed from having to enter the same data a second time in the VSA. For example, user data, such as email, phone and other contact information need only be updated in the domain to update corresponding fields in the VSA. Active Directory is mapped to Kaseya as follows:
|
Manages Multiple Domains |
KDS provides consolidated access throughout the VSA to KDS managed domain computers, users and contacts, regardless of whether these domains have a "trust" relationship between them. For example, KDS can provide a consolidated view of the domains of both a primary company and a subsidiary company. |
Agent Deployment |
Once domain computers are discovered, KDS supports:
|
Auto Creation of Users |
KDS can create VSA users based on domain users. This means IT administrators can provide their users the same credential for the VSA and manage authentication and authorization from a single location, using the Active Directory domain. |
Auto Creation of Portal Access Users |
KDS sets policies that enable users to use their domain credentials to logon remotely to their machines using Portal Access. Remote access using Portal Access can be inside or outside of the company's firewall. For example, a Portal Access user might want to access their office computer from home. KDS can also manually assign and remove Portal Access to domain machines. |
Auto Creation of Staff Members |
A domain contact contains contact information similar to information defined for a user, but a contact has no domain logon privileges. KDS enables you to set policies that create VSA staff member records for newly discovered contacts in a domain. Creating a staff record using a KDS policy also creates a hierarchy of departments that reflects the OU/container hierarchy in the domain. |
Mapping Inclusions and Exclusions |
Mapping can optionally include:
To avoid unnecessary mappings in the VSA, all objects are excluded by default. |
KDS Probe |
To interface with an Active Directory domain, you must have at least one Kaseya agent deployed to a computer that belongs to the domain. You then deploy a KDS probe to the domain computer. The KDS probe interfaces with Active Directory via standard LDAP calls. When deploying the KDS probe, you must provide valid domain credentials. These are used to make the LDAP calls. |
Reset Password and Enable/Disable Account |
Resets an domain password or enables/disables a domain user from the KDS module. |
Service Desk / Ticketing |
Designating a Portal Access user for a machine using KDS also auto-populates the user profile information stored in the VSA for that machine. This same user profile information auto-populates submitter information when Portal Access is used to create a Service Desk ticket or Ticketing ticket. |