4.5 Assigning User Rights

You must assign permission to objects in the directory to store data against the new SecureLogin schema attributes. Assign user rights to all objects that access SecureLogin, including user objects, containers, group policies, and organizational units.

When you assign rights to containers and organizational units, the rights filter down to all associated user objects. So unless you are required to do so, it is not necessary to assign rights at the individual user object level.

  1. Run adsschema.exe, found in the \securelogin\tools directory.

  2. Select Assign User Rights, then click OK. The Assign Rights to This Object dialog box is displayed.

    Assign Rights to This Object dialog box

    NOTE: In the above figure, rights are assigned to the Users container. The Users container definition is:

    cn=users, dc=www, dc=training, dc=com

    To assign rights to an organizational unit, for example Marketing, in the domain www.company.com, the definition is:

    ou=marketing, dc=www, dc=company, dc=com

  3. Specify your container or organizational unit definition in the Assign rights to this object field.

  4. The confirmation dialog box appears. Click OK to return to the Active Directory Schema dialog box.

  5. Repeat steps 4 and 5 to assign rights to all required user objects, containers and organizational units.

    Error message

    NOTE: If the above error message is displayed, rights have already been assigned to this object. This message box is for your information only.

    Error message

    NOTE: If the above error message is displayed, you have attempted to assign rights to an object that does not exist on this directory. Check your punctuation, syntax or spelling and repeat the procedure.

  6. After all required rights are successfully assigned, click OK to return to the Active Directory Schema dialog box.

  7. Click Cancel.
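
The container definitions in the NOTE under step 2 follow a fixed pattern, so the punctuation and spelling slips behind the "object does not exist" error can be caught before the value is typed into the dialog. The Python sketch below is an added example, not part of the SecureLogin documentation or tools; the function names and the expected-domain parameter are assumptions, and it checks syntax only, not whether the object exists in the directory.

```python
import re

CONTAINER_TYPES = {"cn", "ou"}  # attribute types used in this page's definitions
UNESCAPED_SPECIAL = re.compile(r'(?<!\\)[=;+<>"]')  # usually a typo for ','
DNS_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.I)

def split_rdns(definition):
    """Split on commas, honouring backslash escapes such as 'ou=Sales\\, EMEA'."""
    parts, buf, i = [], [], 0
    while i < len(definition):
        if definition[i] == "\\" and i + 1 < len(definition):
            buf.append(definition[i:i + 2])  # keep the escaped pair together
            i += 2
            continue
        if definition[i] == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(definition[i])
        i += 1
    parts.append("".join(buf).strip())
    return parts

def check_definition(definition, domain):
    """Return a list of problems; empty means well formed and in `domain`."""
    problems, dcs = [], []
    for rdn in split_rdns(definition):
        attr, sep, value = (s.strip() for s in rdn.partition("="))
        attr = attr.lower()
        if not sep or not attr or not value:
            problems.append(f"malformed component {rdn!r}")
        elif UNESCAPED_SPECIAL.search(value):
            problems.append(f"unescaped special character in {rdn!r}")
        elif attr == "dc":
            if not DNS_LABEL.match(value):
                problems.append(f"{value!r} is not a valid DNS label")
            dcs.append(value.lower())
        elif attr not in CONTAINER_TYPES:
            problems.append(f"unexpected attribute type {attr!r}")
        elif dcs:
            problems.append(f"{rdn!r} follows a dc= component")
    if ".".join(dcs) != domain.lower():
        problems.append(f"dc= components spell {'.'.join(dcs)!r}, not {domain!r}")
    return problems

if __name__ == "__main__":
    # Constructed input: the OU definition from the NOTE with a transposition typo.
    print(check_definition("ou=marketing, dc=www, dc=compnay, dc=com",
                           "www.company.com"))
```
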

4.5.1 Refreshing the Directory Schema

To refresh the directory schema:

  1. Run the Microsoft Management Console (MMC) and display the Active Directory Schema snap-in.

    Active Directory Schema snap-in

  2. Right-click Active Directory Schema, then select Reload the Schema.

  3. On the Console menu, click Exit to close the MMC.

In a multiple-server environment, schema updates occur on server replication.

NOTE: You can extend rights to objects at any time after the schema is extended. If you add organizational units, you need to rerun the adsschema.exe tool and assign rights to the new object to permit SecureLogin data to be written to the directory.