ESET Online Help

Active Directory

If you are using Active Directory, ESET Endpoint Encryption Server (EEE Server) can monitor the directory and add, remove and modify users automatically based on changes in the directory.

Managing Active Directory Users

If Active Directory sync has been configured, and if the user has permissions to view the panel, an Active Directory panel will be displayed in the Organization Management section of the EEE Server.

User States

The users may be displayed with the following icons:

icon_user_ldap_unlinked

The user was found in the Active Directory, but no corresponding user exists in the EEE Server user list.

icon_user_ldap_linked

The user exists in the EEE Server user list and is linked to an Active Directory user

icon_user_ldap_ignored

The user exists in the Active Directory but it is being ignored. Therefore, it will not be imported into the EEE Server, even in automatic modes

icon_user_ldap_error

The user exists in the Active Directory but it is in a different organization. This user cannot be imported into this organization

icon_user_ldap_new

A highlight mark, which can appear on any of the icons above, means the user is new since the last directory synchronization.

See more information about Active Directory user states.

User Options

Re-Sync

Re-sync happens automatically on a timer. However, clicking the button will wake the timer and cause the re-sync to begin immediately. The tooltip displayed will inform you when the synchronization is complete; this could take some time depending on the size of the directory.

 

Quick Import

Quick import will import the user/s into the organization, using the user's current OU as the destination team. Note that unless you are in full automatic mode, the OU is only used for the initial import and the user will not be moved during subsequent synchronizations.

 

Import to Team

Import the user/s into a user-specified destination team.

 

Ignore User/Unignore User

Ignore the user, or clear the ignore flag.

 

Removing a User

Removing From the Directory

If a user is removed from the Active Directory, the following will occur during the next synchronization event:

If the user is not yet licensed, they will be removed immediately from the EEE Server.

If the user is licensed, or activated on a workstation, then they will be marked as an orphan user in the EEE Server. This is indicated by a dark user icon.

If you no longer want to retain the license for this user, you may delete them from the EEE Server and the license will be released and can be re-used.

However, if you want to retain the license, you can unlink the user from the directory using the button on the user card. This will turn the user back into a normal user and the icon will revert to the previous state.

 

Removing From the ESET Endpoint Encryption Server

If you delete a linked user from the EEE Server, the corresponding Active Directory user will be marked as ignored.

 

Active Directory Settings

To edit Active Directory Settings for an Organization, select it and click the Active Directory Settings button in the lower right-hand corner of the details panel. You can enable or disable Active Directory integration by checking the box. You may then enter any of the option settings or change the synchronization mode. There are three pages of settings to fine-tune the import mode.

If the machine running the EEE Server is a member of an Active Directory, it may be sufficient to simply enable support. However, if the machine is not a member of a domain, or you want to synchronize only with a specific object, you can type the server name, distinguished name and user credentials as required.

 

Sync Mode

The synchronization mode defines how the synchronization will operate, and whether it will run automatically in the background, or if it requires user intervention. The effects of each option are given on the dialog when the selection is made.

The options are:

Automatic with Team Import

Full Automatic Import will automatically import any users from the Active Directory into the EEE Server, using the Organizational Units (OUs) the user is in to determine the team name in the EEE Server. Additionally, if users are moved between OUs in the directory, they will also be moved between teams in the EEE Server. Username and email changes are also applied to the EEE Server users if the name is changed in the directory.

 

Basic Automatic Import

Simple Automatic Import is similar to the full automatic mode, but the OUs are ignored and users are simply placed in the root of the organization. They can be subsequently moved within the organization, and they will remain in their specified Teams even if they are moved within the Active Directory. However, username and email address changes will still occur.

 

Manual Import Only

In manual mode, no users are automatically imported into the EEE Server, and it is up to the user to import users in order to link them. Users can be moved within the organization, and they will remain in their specified Teams even if they are moved within the Active Directory. Username and email address changes also occur automatically for any manually linked users.

 

User Import Settings

By default, all users within the EEE Server are licensed using an email address and thus by default the EEE Server will use the mail attribute within Active Directory for the email address within the EEE Server. However, in cases where the mail attribute has not been configured, other attributes can be used instead of the email address (such as the UPN) or can be combined with some user-defined domain suffix.
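Before choosing an attribute for the import, it helps to see which directory accounts have no mail value and whether any two accounts would resolve to the same address. The following PowerShell audit is an added example, not part of ESET's documentation or product; the fallback order (mail, then UPN, then sAMAccountName plus suffix), the function name `Get-ImportAddressReport` and the suffix `example.test` are assumptions made for illustration and do not describe how the EEE Server itself resolves addresses.

```powershell
# Added example: report which attribute would supply each account's address.
# Assumption: the fallback order below is this audit's own, chosen to help pick a setting.
function Get-ImportAddressReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [string] $DomainSuffix = 'example.test'   # hypothetical user-defined suffix
    )
    begin { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        if ($User.mail) {
            $addr = $User.mail; $src = 'mail'
        } elseif ($User.UserPrincipalName) {
            $addr = $User.UserPrincipalName; $src = 'UPN'
        } else {
            $addr = '{0}@{1}' -f $User.SamAccountName, $DomainSuffix
            $src  = 'sAMAccountName+suffix'
        }
        $rows.Add([pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Address        = $addr.ToLowerInvariant()   # compare case-insensitively
            Source         = $src
            Duplicate      = $false
        })
    }
    end {
        # Flag any address that more than one account would resolve to
        $dupes = $rows | Group-Object Address | Where-Object Count -gt 1 | ForEach-Object Name
        foreach ($r in $rows) { $r.Duplicate = $dupes -contains $r.Address; $r }
    }
}

# Constructed sample accounts (not real directory data)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith';     mail = 'a.smith@example.test'; UserPrincipalName = 'asmith@corp.example.test' }
    [pscustomobject]@{ SamAccountName = 'bjones';     mail = $null;                  UserPrincipalName = 'bjones@corp.example.test' }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; mail = $null;                  UserPrincipalName = $null }
    [pscustomobject]@{ SamAccountName = 'asmith2';    mail = 'A.Smith@example.test'; UserPrincipalName = 'asmith2@corp.example.test' }
)
$sample | Get-ImportAddressReport | Format-Table -AutoSize

# Against a live directory (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties mail | Get-ImportAddressReport
```

In the sample, `asmith` and `asmith2` are flagged as duplicates because their mail values differ only in case, and `svc-backup` shows that service accounts with neither mail nor UPN would fall through to a synthesized address.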
