Test Scenario - Account Attributes \ Computer Account Attributes \ Description

Overview

The feature enables the administrators to maintain the Description attribute of the Active Directory domain computer objects.  The Description attribute value is specified by using macros that can resolve to Active Directory object attribute values, registry values or WMI function call return values.

 

When the policy is enabled, the software sets the default Description attribute template as

%givenName% %sn% ( %zSystemManufacturer% %zSystemProductName% ) %zDynamicSiteName%.  

Note: The macros enclosed between the % symbol must be separated by space character.

 

Other templates can be constructed using macros that are defined in the registry key HKLM\SOFTWARE\Synergix\ADCE\Policies\Computer\Description\UDF.  

 

The software uses the macro definitions to retrieve value from (1) Directory Services, (2) Registry or (3) WMI function call.  For instance, givenName macro is configured with the value DIRECTORY, user, givenName and the zSystemManufacturer macro is configured with the value WMI, "SELECT Manufacturer FROM Win32_ComputerSystem"

 

Purpose

This article provides instructions on testing the SYNERGIX AD Client Extensions software Account Attributes \ Computer Account Attributes \ Computer Description Attribute feature.  Computer Description can be updated by designated Administrators only.  The software requires the security principal "Domain Computers" to be granted READ DESCRIPTION and WRITE DESCRIPTION permission in order for it to maintain the attribute value.

 

Prerequisites

  • Supported Microsoft Windows Operating System
    • Microsoft Windows XP or 
    • Microsoft Windows Vista or 
    • Microsoft Windows 7.0 or 
    • Microsoft Windows 8.0
  • .NET Framework 4.0
  • Active Domain Membership in Microsoft Active Directory domain
  • Microsoft Outlook or other EMail client 
    • EMail client is required to submit log files to support@synergix.com or x@mail.asana.com
  • SYNERGIX AD Client Extensions 2013

 

Active Directory Domain Environment

  • Single Active Directory Domain environment i.e. Single Forest with Forest Root Domain only example. F10.LOCAL
    • You can setup a more complex Active Directory Domain environment, if needed.  For example, one forest F10.LOCAL with child domains D10.F10.LOCAL, D11.F10.LOCAL and D12.F10.LOCAL and a trusted forest F20.LOCAL with child domains D20.F20.LOCAL, D21.F20.LOCAL and D22.F20.LOCAL
  • Security Group(s)
    • Create a security group called "SYNERGIX ADCE Managed Computers".  The group type may be Domain Global Group or Domain Local Group.
    • Add the test domain computer(s) into the security group "SYNERGIX ADCE Managed Computers"
  • Delegate Control
    • Grant the security principal "Domain Computers" READ Description and WRITE Description permissions or
    • Grant the security group "SYNERGIX ADCE Managed Computers" READ Description and WRITE Description permission
      • The test domain computer must be member of "SYNERGIX ADCE Managed Computers" security group.
  • Configure domain Group Policy Object
    • Copy SYNERGIX AD Client Extensions Administrative Template file SYNERGIX-ADCE.ADMX to %SystemRoot%\PolicyDefinitions on admin workstation ( must be Windows 7.0 ) 
    • Copy SYNERGIX AD Client Extensions Administrative Template Language file SYNERGIX-ADCE.ADML to %SystemRoot%\PolicyDefinitions\en-US on same admin workstation ( must be Windows 7.0 ) 
    • Using GPMC.MSC, edit existing or new Group Policy Object.  
      • In Group Policy Editor, expand COMPUTER CONFIGURATION
      • Expand Administrative Templates
      • Expand SYNERGIX AD Client Extensions
      • Expand Account Attributes
      • Expand Computer Account Attributes
      • Select Computer Description Attributes
      • Enable policy setting
      • Configure Description Update Period (in minutes)
        • The value determines the time interval before next update occurs.  By default, it is 1,440 minutes.
      • Review current Policy Template string
        • For list of macros that can be used in the Description Template, refer to the registry key  ... HKEY_LOCAL_MACHINE\SOFTWARE\Synergix\ADCE\Account Attributes\Computer Account Attributes\Computer Description Attribute\UDF
 

More Information

 

Procedure

  • Log into a domain computer with local administrative privileges
  • Install SYNERGIX AD Client Extensions software
  • Logout
  • Log into the same domain computer with a domain user account.  This domain account represents a business user who does not have elevated privileges on his / her computer.
  • Launch Active Directory Users and Computers ( dsa.msc ) Management Console
    • If DSA.MSC is not installed, log into another workstation with Administrative Tools installed and then, launch DSA.MSC on it
  • Search for domain computer object
  • Bring up domain computer properties windows
  • Review Computer Description attribute value.  By default, it updates once every 24 hours.
  • Does the Policy Template properly resolve to expected value ?
    • If Yes, Test Results are successful.  In the Test Result, write down PASS
    • If No, re-run test
      1. Remove lastUpdate registry entry from HKEY_LOCAL_MACHINE\SOFTWARE\Synergix\ADCE\Account Attributes\Computer Account Attributes\Computer Description Attribute.   Did it work this time ?
      2. Try on another computer. Did it work this time ?
      3. Review ServiceLogFile.txt. Do you see "Access Denied" exception ? If yes, verify that the security principal DOMAIN COMPUTERS has READ Description and WRITE Description permission on Computer objects ? Did it work this time ?
 

Test Results

  • Pass or
  • Fail

 

Test Result Submission

  1. Complete the Test Environment worksheet
  2. Upload test results document file to software test repository
  3. Upload log files
    1. ServiceLogfile.txt
    2. ClientLogfile.txt
    3. Output of GPRESULTS.EXE /V command
Note: You must use ADCE \ Help \ Submit Log Files button to zip up above 3 files and submit
 
 

References

N/A

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk