You must assign permission to objects in the directory to store data against the new SecureLogin schema attributes. Assign user rights to all objects that access SecureLogin, including user objects, containers, group policies, and organizational units.
When you assign rights to containers and organizational units, the rights filter down to all associated user objects. So unless you are required to do so, it is not necessary to assign rights at the individual user object level.
Run adsschema.exe, found in the \securelogin\tools directory.
Select
, then click . The Assign Rights to This Object dialog box is displayed.NOTE:In the above figure, rights are assigned to the Users container.The Users container definition is:cn=users, dc=www, dc=training, dc=comTo assign rights to an organizational unit, for example Marketing, in thedomain www.company.com, the definition is:ou=marketing, dc=www, dc=company, dc=com
Specify your container or organizational unit definition in the Assign rights to this object field.
The confirmation dialog box appears.Click
to return to the Active Directory Schema dialog box.Repeat steps 4 and 5 to assign rights to all required user objects, containers and organizational units.
NOTE:If the above error message is displayed, rights have already been assigned to this object. This message box is for your information only.
NOTE:If the above error message is displayed, you have attempted to assign rights to an object that does not exist on this directory. Check your punctuation, syntax or spelling and repeat the procedure.
After you have assigned all required rights are successfully assigned, Click
to return to the Active Directory Schema dialog box.Click
To refresh the directory schema:
Run the Microsoft Management Console (MMC) and display the Active Directory Schema snap-in.
Right-click
, then select .On the Console menu, click
to close the MMC.In a multiple-server environment, schema updates occur on server replication.
NOTE: You can extend rights to objects at any time after the schema is extended. If you add organizational units, then you need to rerun the
tool and assign rights to the new object to permit SecureLogin data to write to the directory.