8 Appendix E: Creating the Required User Groups on AD LDS (ADAM)

This appendix describes how to create the required user groups in Active Directory for use with Logon Manager deployed on an AD LDS (ADAM) instance.

The groups are:

  • SSOAdmins. This group contains at least two users who hold administrative privileges over the target AD LDS (ADAM) instance. This group should also contain users who need to create and push application templates.

    Caution:

    When creating the instance, specify this group as the administrative user group. If you specify a single user, you risk locking yourself out of your Logon Manager deployment if the single account becomes inaccessible.

  • SSOUsers. This group contains all other Logon Manager users.

To create the SSOAdmins and SSOUsers groups and place the desired users in these groups:

Note:

This procedure assumes you have decided which users will belong in which groups and that the target user accounts already exist.

  1. Log on to your domain controller as the administrator.

  2. Open the Active Directory Users and Computers console snap-in.

  3. In the console, expand the target domain and right-click the Users node.

  4. In the context menu, select New> Group.

  5. In the "New Object - Group" dialog, do the following:

    1. Enter the group name shown above.

    2. Select the Global group scope.

    3. Select the Security group type.

    4. Click OK.

    5. Surrounding text describes image105.jpg.

      The new group appears in the list of objects in the right-hand pane of the console.

  6. In the list of objects, double-click the group you just created. The group properties dialog box appears.

    Surrounding text describes image106.png.

  7. In the group properties dialog, do the following:

    1. Select the Members tab.

    2. Click Add.

    3. In the dialog box that appears, enter the target user name and click Check Names to verify the user name. If you receive an error, correct any spelling mistakes and click Check Names again; when the user name is validated, click OK.

    4. Repeat steps 7b and 7c for each additional user you want to include in the group.

    5. When you have added the desired users to the group, click OK to close the group properties dialog box.

      Surrounding text describes image107.png.

  8. Repeat steps 4-7 to create and configure the SSOUsers group.