Advanced Active Directory concepts

These are advanced Active Directory (AD) concepts that may be useful for your Zylinc solution. You don't need to use them.

You can use up to ten additional AD attributes as custom fields and map them to selected Zylinc fields:

  1. In the Zylinc Administration Portal menu, select NETWORK > Directory Settings

  2. In one of the available Custom LDAP Fields, enter the name of the attribute

    From the Zylinc solution's point of view, AD attributes are case sensitive, even in cases where the directory itself isn't.

    To view the exact case sensitive name of an attribute: In the Active Directory Users and Computers menu, select View > Advanced features. A new tab with the name Attribute Editor becomes visible the next time you view users, groups, contacts, etc. On the Attribute Editor tab, you can copy the value of the name attribute, to get the exact AD attribute name to use for the Zylinc Administration Portal Custom LDAP Field.

    If you can’t get access to Active Directory Users and Computers, use the free tool Softerra LDAP Browser to inspect Active Directory properties.

  3. Click Save

  4. Click Reinitialize

  5. In the Administration Portal menu, select SYSTEM > User Directory

  6. In Custom Field Mappings, select the Zylinc field that you want to map the custom attribute to

  7. Click Save

  8. Click Format Users

AD has a standard feature with which you can specify people's managers. As an administrator, you can also make people's managers available in ZyDesk:

  • In ZyDesk search results, you can enable a new column that displays people’s managers.
  • In ZyDesk User details, you'll a get new link that takes you to the selected person's manager.

To make people's managers available in ZyDesk:

  1. Log on to ZyDesk as an administrator

  2. Use the search function in ZyDesk to test that you can find a user as well as the user's manager.

    If you can't find them, you'll need to add them to the ZylincInclude group, or another group that adds them as users and makes them visible in Zylinc.

  3. In the ZyDesk menu, select File >Settings > Administration > License > Profiles, and click Edit Profile

  4. Select the relevant profile, and click Edit license.

  5. In Profile License Module Editor, select Time > Time_ManagedByColumn

  6. In Profile License Module Editor, click Save

  7. In Edit Profile, click Save

  8. In Settings, click OK

  9. Restart ZyDesk, and log in to ZyDesk as an administrator

  10. In the ZyDesk menu, select Settings > Interface > User > Details

  11. In the Work section, select Managed by

  12. Click OK, restart ZyDesk, and log in to ZyDesk as an administrator

  13. To make the Managed by column visible, right-click on any column, and select Managed by

As an administrator, you may want to change the positions and widths of the columns, and then save the layout. You can use the Layouts > Save As in the ZyDesk administrator menu to do that.

What if managers' names look strange and begin with CN= ?Closed If a manager's name looks strange, begins with CN=, and contains a comma-separated list of organization unit names, it's because the Zylinc solution can’t find the manager in the phone book, and instead displays the database key. In such cases, the database key is the distinguished name (DN) of the manager. To solve the problem, add all required managers to the ZylincInclude group. Alternatively, add them to another group that adds them as users and makes them visible in Zylinc.

You can enable a feature that adds the values of the two AD attributes description or info as search keywords to the users or contacts in the Zylinc solution.

How to find the description and info attributes in Active Directory:

  1. You can view the attribute with the name description in Active Directory Users and Computers if you double-click the user, and then select the General tab. When you do that, the Description field contains the value.
  2. You can view the attribute with the name info in Active Directory Users and Computers if you double-click the user, and then select the Telephones tab. When you do that, the Notes field contains the value of the info attribute.

Set up the two AD attributes description or info as search keywords for a user or contact in the Zylinc solution:

  1. In Active Directory Users and Computers, double-click the required user or contact. Make sure that the user is a member of the group ZylincVisible.

  2. On the General tab, in the Description field, enter a comma-separated list of keywords for the user.

    Example:

    desc1,desc2,desc3,desc4

    You can use other characters than commas for the keyword separator, see the following steps.

  3. On the Telephones tab, in the Notes field, enter a comma-separated list of even more keywords for the user.

    Example:

    note1,note2,note3,note4

  4. In the Administration Portal menu, select NETWORK > Directory Settings, and click Reinitialize

  5. In the Administration Portal menu, select SYSTEM > User Directory

  6. In the Keywords section, select Description and select Info

  7. In Seperator, enter , (that’s a comma). If your keywords a separated with a different character than a comma, you can enter a different separator here.

  8. Click Save

  9. Click Format Users

  10. Click OK

  1. Refresh client manager cache:

    1. Open the following URL in a browser: https://<Zylinc Windows Application Server>:8443/ClientManager/

      Example: https://WinAppServer:8443/ClientManager

    2. Ignore the security warning about the certificate, and continue to the website

    3. Click Snapshot

    4. Log in as: User name:adminPassword: the password for Windows Tomcat 8080 user admin

    5. Click Reload Settings

  2. Restart ZyDesk

  3. In the ZyDesk search field, enter one of the keywords you specified for info

  4. The search results should return the user that you have added the keywords to

  5. In the ZyDesk search field, enter one of the keywords you specified for description

  6. The search results should return the user that you have added the keywords to

In support scenarios it's often helpful to be able to log in to Zylinc clients as an end user. However, IT best practice prevents that you can ask end users for their passwords or change their passwords to something else.

Also, the process required to get a personal test user, and the time it takes to recreate specific user errors with that test user account, can be challenging.

Instead, create an authentication override text file that maps user e-mail addresses to alternative passwords. Then, the real AD passwords will still work. The procedure can also be useful if the domain controller becomes unreachable or unresponsive.

  1. Follow the steps described in Quickly collect log files from Zylinc server and unzip Logdump.zip on the desktop, search for a file named authentication.log, and open it.

    If you copy and paste this command into PowerShell, it will open the latest version of Autentication.log in Notepad:

    $file=dir "C:\Program Files\Zylinc\ApacheInstances" -filter "Authentication.log" -rec|group directory|foreach{@($_.group|sort {[datetime]$_.lastwritetime} -desc)[0].fullname};notepad $file

  2. In authentication.log, look for a line that contains the word authoverride, and a path to an AuthOverride property file

    Example:



    C:\ProgramData\Zylinc\Authentication\1.0.18\ZyTomcat1-8080-8443\Authentication\Authentication_AuthOverride.properties

  3. Make a copy of the path to the AutoOverride property file.

  4. Type Windows+R on the keyboard to open the Windows Run box, and then type:

    Notepad "<path to AutoOverride property file>"

    Example:



    Notepad "C:\ProgramData\Zylinc\Authentication\1.0.18\ZyTomcat1-8080-8443\Authentication\Authentication_AuthOverride.properties"

  5. In Notepad, click Yes to create a new file, if the file doesn't already exist

    The format of the AutoOverride property file is that each line contains e-mail=password:

    e-mail address1=password1

    e-mail address2=password2

    e-mail address3=password3

  6. Copy/paste the following to Notepad, and insert the correct domain of the e-mail address:

    ZylincAgent1@<domain.local>=Password2

  7. Save the file, but leave Notepad open

Test that authentication override works:

  1. Log in to ZyDesk with the e-mail address of the overridden user, and verify that Password2 works instead of the AD password.
  2. Log in to ZyDesk with the e-mail address of the overridden user, and verify that the AD password, Password1, also works
  3. Clear the contents in Notepad, and save the empty file

Next: Use LDAP user and group filters