0 votes

Hi there,

We would like to manage some specific child object, for example msFVE-RecoveryInformation object which is a child of the computer object and contain the bitlocker recovery password. The goal is to give rights to our helpdesk to recover a PC just by typing the computer name.
Do you know a convenient way to do that, i mean returning in the web console child objects when you display the parent object properties. We have the same demand for ActiveSync objects to, which are child of user objects.

Thanks in advance

Stephen

by (800 points)

1 Answer

0 votes
by (18.0k points)

It is possible to do what you need in two ways.

[Recommended] You can you use Custom Commands for this purpose. Just define a custom command for computer objects that will execute a script that will make all the changes you need. If necessary we can implement such script for you.

Alternatively, you can configure Adaxes Web Interface to display msFVE-RecoveryInformation objects under computers:

  1. Configure the Web Interface to display objects of the msFVE-RecoveryInformation type.

    • Launch the Web Interface Configuration tool and select the Web Interface that you want to configure in the Interface type combo box.
    • Activate the AD Browsing tab and click Configure Object Types.
    • Select the Show all object types option and check the FVE-RecoveryInformation type in the list above.
    • Save the changes.
  2. Configure the Computer Object View to display child objects.

    • Close the Web Interface Configuration tool (important).

    • Open the Web.Config file for your Web Interface using a text editor. By default, this file is located in the following folder:
      C:\Program Files\Softerra\Adaxes 3\Web Interface\*<WebInterfaceType>***.

    • Add the controlPath attribute to the XML element objectViewer for computer objects:

        ```powershell
        <configuration>
        ...
          <softerra.adaxes>
          ...
            <web.ui>
            ...
               <manageActiveDirectorySettings>
               ...
                  <objectTypes>
                  ...
                      <add name="computer">
                          <objectViewer controlPath="~/ManageDirectory/UserControls/DirectoryObjectWithGridViewer.ascx">
                   ...
        ```
  3. Configure the form for editing AD objects of the msFVE-RecoveryInformation type. For more details, see Manage Active Directory Objects of a Custom Type.

You can perform the same steps for the User object type. However, in this case the header that is displayed in the object view for users will be changed (it will not display the user's photo).

0

Method 1 is a good catch for Recovery Password information and i'm going to write a custom command that will send an email with it.
Method 2 is a better one when you need to view many informations of the child object.
I tried your modifications and it works beautifully except that for the child objects, it displays all the actions (Reset Password, Enable Account, Disable Account...) even if it's not a computer object but a child of. I didn't find a way to hide these actions.
Moreover, would it be possible to give a more meaningfull name to this section than "child objects" ?

Thanks for your very valuable help

0

You can configure the grid that displays child objects (see Disallow Certain Operations on Active Directory Objects). The problem is that the settings will be applied to all other grids (e.g. to the grid that displays child objects of an OU).
We are planning to modify the grid to display only those operations that can be performed on objects that can be located under the parent object (based on the AD schema).

It is possible to rename the 'Child Objects' section. However, there are two issues related to it:

  • Since the 'Child Objects' string is located in a localization file, it is not included in the Web UI configuration backups and you will have to perform the modifications every time you reinstall the Web Interface.
  • The new name will be applied to all sections that display child objects while browsing AD.

To rename the section, modify the following elements in the Strings.resx file located in the following folder:
C:\Program Files\Softerra\Adaxes 3\Web Interface\<Web Interface Type>\App_GlobalResources.

...
<data name="ChildObjects" xml:space="preserve">
    <value>Child Objects:</value>
</data>
...
0

Hello,

Yesterday we released Adaxes 2012.1. Now you can configure the Home page to contain 'View Objects' action.

0

Does this work in 2014.1 I am trying to bring this online here and was curious to know if it is the same for 2014.1?

0

Hello,

Yes, it's the same. Nothing has changed in relation to the above solution.

0

It is possible to do what you need in two ways.

[Recommended] You can you use Custom Commands for this purpose. Just define a custom command for computer objects that will execute a script that will make all the changes you need. If necessary we can implement such script for you.

Alternatively, you can configure Adaxes Web Interface to display msFVE-RecoveryInformation objects under computers:

  1. Configure the Web Interface to display objects of the msFVE-RecoveryInformation type.

    • Launch the Web Interface Configuration tool and select the Web Interface that you want to configure in the Interface type combo box.
    • Activate the AD Browsing tab and click Configure Object Types.
    • Select the Show all object types option and check the msFVE-RecoveryInformation type in the list above. [attachment=0]select.msFVE-RecoveryInformation.object.type.png[/attachment]
    • Save the changes.
  2. Configure the Computer Object View to display child objects.

    • Close the Web Interface Configuration tool (important).

    • Open the Web.Config file for your Web Interface using a text editor. By default, this file is located in the following folder:
      C:\Program Files\Softerra\Adaxes 3\Web Interface\*<WebInterfaceType>***.

    • Add the controlPath attribute to the XML element objectViewer for computer objects:

        ```powershell
        <configuration>
        ...
          <softerra.adaxes>
          ...
            <web.ui>
            ...
               <manageActiveDirectorySettings>
               ...
                  <objectTypes>
                  ...
                      <add name="computer">
                          <objectViewer controlPath="~/ManageDirectory/UserControls/DirectoryObjectWithGridViewer.ascx">
                   ...
        ```
  3. Configure the form for editing AD objects of the msFVE-RecoveryInformation type. For more details, see Manage Active Directory Objects of a Custom Type.

You can perform the same steps for the User object type. However, in this case the header that is displayed in the object view for users will be changed (it will not display the user's photo).

Where exactly am I to place the script portion in the Web.config, ( i.e. Line number ) or is it a completely new item?

0

Hello,

We can't tell you the exact line, because the content of the Web.config file can differ depending on how you set up your Web interface, but to to locate the necessary line, you can use the Find function of your text editor:

  1. Locate the following text:

     <add name="computer">
  2. On the line following this text, you will see the following text:

     <objectViewer>

    change it to the following:

     <objectViewer controlPath="~/ManageDirectory/UserControls/DirectoryObjectWithGridViewer.ascx">
  3. Save the file.

0

Thank you for the support, this made a whole lot easier.

0

Hello,

Starting with Adaxes version 2018.1, bitlocker keys can be displayed when viewing Computer objects using the Child Objects section in Adaxes Web Interface. You will need to add the section to the View form for Computer objects and then add the FVE-RecoveryInformation objects to the list of objects displayed in the Web Interface. To do so:

  1. Open Adaxes Web Interface Configurator.
  2. In the top left corner, select the Web Interface you need.
  3. In the left pane, click Management.
  4. In the Forms and Views section, select Computer Object type.
  5. Activate the View tab and click Add below Sections.
  6. Select Child Objects and click Next.
  7. Enter a section name (e.g. Bitlocker Keys) and click Create.
  8. In the Section Configuration, select Show only the following object types and click Select object types.
  9. Select FVE-RecoveryInformation and click OK.
  10. In the left pane, click Browsing.
  11. In the Filter Options section, click Add.
  12. Select FVE-RecoveryInformation and click OK.
  13. Click OK and save the changes.
  14. Before checking the changes in the Web Interface, refresh the page using Ctrl+F5. You will have something like the following:

Related questions

0 votes
1 answer

Hello, We are currently evaluating Adaxes for our own consulting company and for our customers too. Our setup include AD On Prem with Azure AD Connect which sync new identities to ... start the sync? This part is not in the documentation we found. Thanks a lot

asked May 24, 2021 by ygini (240 points)
0 votes
1 answer

I'm trying to set the adm-ManagedByList attribute on a few hundred groups via powershell, and found that it's only working for groups in our root domain, but fails for all ... is actually located ##'. Am I missing something here or is this a bug? Thanks Felix

asked Sep 19 by felix (150 points)
0 votes
0 answers

Our AD Forest has One primary Domain and 4 child domains, our users are in the child domains. all of the groups are in the Primary domain(Global groups). Here is the ... the user in the primary domain and then move them to the correct domain. Any sugestions?

asked Jun 4, 2014 by babbeaw (320 points)
0 votes
0 answers

I have applied a security role to a group at the top of a Business Unit Container and set it to apply to the subtree and it does, all Containers and Business Units do ... Unit. Did I apply the permissions wrong or is there some setting I need to change?

asked Aug 9 by ajmilic (100 points)
0 votes
1 answer

Similar to Powershell's "whatif"? I'd like to enable this scheduled task - But would like to confirm who will actually be affected before enabling this. Is there at least ... objects in the console log? I could run that before adding the 'modify' actions back.

asked Jun 25 by msinger (210 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users