diff --git a/docs/directorymanager/11.1/APIs/contactapis/contactapis.md b/docs/directorymanager/11.1/APIs/contactapis/contactapis.md index 856c2e001c..be205d5ef1 100644 --- a/docs/directorymanager/11.1/APIs/contactapis/contactapis.md +++ b/docs/directorymanager/11.1/APIs/contactapis/contactapis.md @@ -15,4 +15,7 @@ Directory Manager provides the following APIs to perform contact-specific functi - [Get Contacts](/docs/directorymanager/11.1/APIs/contactapis/getcontacts.md) - [Update a Contact](/docs/directorymanager/11.1/APIs/contactapis/updatecontact.md) -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. +:::note +The contact object type is not supported in a Microsoft Entra ID based identity store. + +::: diff --git a/docs/directorymanager/11.1/APIs/contactapis/createcontact.md b/docs/directorymanager/11.1/APIs/contactapis/createcontact.md index 94ed6b840a..42c4c0c9a4 100644 --- a/docs/directorymanager/11.1/APIs/contactapis/createcontact.md +++ b/docs/directorymanager/11.1/APIs/contactapis/createcontact.md @@ -8,7 +8,10 @@ sidebar_position: 10 Using this API you can create a contact in the specified identity store. -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. +:::note +The contact object type is not supported in a Microsoft Entra ID based identity store. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/APIs/contactapis/deletecontact.md b/docs/directorymanager/11.1/APIs/contactapis/deletecontact.md index f3b500739d..522f5ad8a1 100644 --- a/docs/directorymanager/11.1/APIs/contactapis/deletecontact.md +++ b/docs/directorymanager/11.1/APIs/contactapis/deletecontact.md @@ -8,7 +8,10 @@ sidebar_position: 20 Using this API you can delete a specified contact from the specified identity store. -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. +:::note +The contact object type is not supported in a Microsoft Entra ID based identity store. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/APIs/contactapis/deletecontacts.md b/docs/directorymanager/11.1/APIs/contactapis/deletecontacts.md index 19c127fd3a..21da89a7cb 100644 --- a/docs/directorymanager/11.1/APIs/contactapis/deletecontacts.md +++ b/docs/directorymanager/11.1/APIs/contactapis/deletecontacts.md @@ -8,7 +8,10 @@ sidebar_position: 30 This API is for deleting multiple contacts from a specified identity store. -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. +:::note +The contact object type is not supported in a Microsoft Entra ID based identity store. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/APIs/contactapis/getcontact.md b/docs/directorymanager/11.1/APIs/contactapis/getcontact.md index e8f38a2b0a..97a29a0e86 100644 --- a/docs/directorymanager/11.1/APIs/contactapis/getcontact.md +++ b/docs/directorymanager/11.1/APIs/contactapis/getcontact.md @@ -8,7 +8,10 @@ sidebar_position: 40 Use this API to retrieve information about a contact in a specified identity store. -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. +:::note +The contact object type is not supported in a Microsoft Entra ID based identity store. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/APIs/contactapis/getcontacts.md b/docs/directorymanager/11.1/APIs/contactapis/getcontacts.md index c6f056af6d..47ed873844 100644 --- a/docs/directorymanager/11.1/APIs/contactapis/getcontacts.md +++ b/docs/directorymanager/11.1/APIs/contactapis/getcontacts.md @@ -8,7 +8,10 @@ sidebar_position: 50 Use this API to retrieve information of multiple contacts from a specified identity store. -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. +:::note +The contact object type is not supported in a Microsoft Entra ID based identity store. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/APIs/contactapis/updatecontact.md b/docs/directorymanager/11.1/APIs/contactapis/updatecontact.md index 22c48554f6..ec9e660941 100644 --- a/docs/directorymanager/11.1/APIs/contactapis/updatecontact.md +++ b/docs/directorymanager/11.1/APIs/contactapis/updatecontact.md @@ -9,7 +9,10 @@ sidebar_position: 60 Use this API if you want to update a contact's attribute(s) and their value(s) in a specified identity store. -NOTE: The contact object type is not supported in a Microsoft Entra ID based identity store. +:::note +The contact object type is not supported in a Microsoft Entra ID based identity store. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/APIs/datasourceapis/createds/dsoracle.md b/docs/directorymanager/11.1/APIs/datasourceapis/createds/dsoracle.md index 1bc5503174..7cdfa10b48 100644 --- a/docs/directorymanager/11.1/APIs/datasourceapis/createds/dsoracle.md +++ b/docs/directorymanager/11.1/APIs/datasourceapis/createds/dsoracle.md @@ -28,8 +28,11 @@ Oracle server or a specific database on a server. This data source can be used i source and destination provider in Synchronize jobs. This provider supports dynamic schema detection. -NOTE: Oracle client must be installed to use this provider. Make sure you reboot your computer after +:::note +Oracle client must be installed to use this provider. Make sure you reboot your computer after installing the Oracle client. +::: + ``` { diff --git a/docs/directorymanager/11.1/APIs/datasourceapis/deleteds.md b/docs/directorymanager/11.1/APIs/datasourceapis/deleteds.md index 9bbf7c5c73..b9cd452660 100644 --- a/docs/directorymanager/11.1/APIs/datasourceapis/deleteds.md +++ b/docs/directorymanager/11.1/APIs/datasourceapis/deleteds.md @@ -8,8 +8,11 @@ sidebar_position: 20 This API can be used for deleting a specified data source. -NOTE: Deleting a data source corrupts all Synchronize jobs, membership queries, and search queries +:::note +Deleting a data source corrupts all Synchronize jobs, membership queries, and search queries using that data source. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/APIs/welcome.md b/docs/directorymanager/11.1/APIs/welcome.md index 67d3d609d3..c455c37433 100644 --- a/docs/directorymanager/11.1/APIs/welcome.md +++ b/docs/directorymanager/11.1/APIs/welcome.md @@ -20,6 +20,9 @@ first and last of these is clear, but `POST` and `PATCH` have specific meanings. defined is confusing, but the general rule is: use `POST` to create resources, `PUT` and `PATCH` to update resources. -NOTE: All the APIs documented in the API section are for an Active Directory based identity store. +:::note +All the APIs documented in the API section are for an Active Directory based identity store. In each API, the **Sample Request Syntax** and the **Sample Response Syntax** sections have attributes that are supported in an Active Directory based identity store. + +::: diff --git a/docs/directorymanager/11.1/APIs/workflowapis/deleteroute.md b/docs/directorymanager/11.1/APIs/workflowapis/deleteroute.md index a32615a341..dc457cd5cb 100644 --- a/docs/directorymanager/11.1/APIs/workflowapis/deleteroute.md +++ b/docs/directorymanager/11.1/APIs/workflowapis/deleteroute.md @@ -8,7 +8,10 @@ sidebar_position: 50 You can use this API to delete a user-defined workflow route. -NOTE: You cannot delete a system workflow. +:::note +You cannot delete a system workflow. +::: + ## Endpoint diff --git a/docs/directorymanager/11.1/admincenter/applications/portal/displaytype/toolbars.md b/docs/directorymanager/11.1/admincenter/applications/portal/displaytype/toolbars.md index 958b673c96..aef223dd5b 100644 --- a/docs/directorymanager/11.1/admincenter/applications/portal/displaytype/toolbars.md +++ b/docs/directorymanager/11.1/admincenter/applications/portal/displaytype/toolbars.md @@ -47,7 +47,6 @@ You can customize the following toolbars: | Group Member Of Grid | The **Member Of** tab in group properties | | Direct Reports Grid | The **Organization** tab in user properties | - :::note The **Computer Members of Grid** and **Contact Member of Grid** toolbars are not available for a Microsoft Entra ID identity store. @@ -64,7 +63,7 @@ can update a few details for a button, such as its name and image. 2. Click the ellipsis button for a portal and select **Settings**. 3. Select an identity store under **Design Settings** to customize the portal for it. All identity stores linked with the portal are listed under **Design Setting**s. You can design a - different portal for each of these. +different portal for each of these. 4. Click **Toolbars** in the left pane; the **Toolbars** page is displayed. 5. In the **Select Toolbar Type** drop-down list, select the toolbar you want to update. The **Name** area lists all buttons on this toolbar. @@ -85,9 +84,11 @@ can update a few details for a button, such as its name and image. - If an image has been uploaded, the very image is displayed. Click **Upload** to replace the existing image with a new one. -**NOTE: Image dimensions: 30 x 30 pixels** +:::note +Image dimensions: 30 x 30 pixels +::: - Supported formats: .webp, .jpg, .jpe, .jpeg + Supported formats: .webp, .jpg, .jpe, .jpeg 8. **Visibility Level** – Select a security role. The toolbar button would be visible to users of this role and roles with a priority value higher than this role. See @@ -104,7 +105,7 @@ can update a few details for a button, such as its name and image. 2. Click the ellipsis button for a portal and select **Settings**. 3. Select an identity store under **Design Settings** to customize the portal for it. All identity stores linked with the portal are listed under **Design Settings**. You can design a - different portal for each of these. +different portal for each of these. 4. Click **Toolbars** in the left pane. 5. On the **Toolbars** page, select a toolbar in the **Select Toolbar Type** drop-down list. The **Name** area lists all buttons on this toolbar. diff --git a/docs/directorymanager/11.1/admincenter/applications/portal/server/advanced.md b/docs/directorymanager/11.1/admincenter/applications/portal/server/advanced.md index 09e1452982..1235929547 100644 --- a/docs/directorymanager/11.1/admincenter/applications/portal/server/advanced.md +++ b/docs/directorymanager/11.1/admincenter/applications/portal/server/advanced.md @@ -55,7 +55,6 @@ You can manage the following advanced settings for a portal: | Display Groups in My Dynasties | Controls whether to display the Dynasties for which the logged-on user is an additional owner, on the portal’s **My Dynasties** tab. By default, the tab displays the Dynasties that the logged-on user is the primary owner. Enable this setting to include Dynasties for which the logged-on user is an additional owner. Note that this setting applies individually to parent, middle, and leaf Dynasties. | | Display Additional Manager Direct Reports | Controls whether to display the direct reports for whom the logged-on user is an additional manager, on the portal’s **My Direct Reports** tab. By default, the tab displays the direct reports that the logged-on user is the primary manager. Enable this setting to include direct reports for whom the logged-on user is an additional manager. | - :::note Individual users can personalize all except the _Display Nested Ownership_ setting from the **Settings** panel in the portal. ::: diff --git a/docs/directorymanager/11.1/admincenter/applications/remoteiisprerequisites.md b/docs/directorymanager/11.1/admincenter/applications/remoteiisprerequisites.md index fa448b8b64..6356c2bfa0 100644 --- a/docs/directorymanager/11.1/admincenter/applications/remoteiisprerequisites.md +++ b/docs/directorymanager/11.1/admincenter/applications/remoteiisprerequisites.md @@ -118,11 +118,12 @@ The next step is to assign permissions on the physical folder that binds to your ``` :::tip - Remember, to provide values for alias "site name" and path "physical folder location of the + Remember, to provide values for alias "site name" and path "physical folder location of the site", created in the section Create a Site in Remote IIS. ::: + ## Generate an Access Key Admin Center uses the diff --git a/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/email.md b/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/email.md index 6c880711a4..7178bac3b9 100644 --- a/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/email.md +++ b/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/email.md @@ -19,7 +19,6 @@ Before configuring Email authentication, make sure that an SMTP server is config identity store. See the [Configure an SMTP Server](/docs/directorymanager/11.1/admincenter/identitystore/configure/smtpserver.md) topic. ::: - ## Enable Email Authentication for an Identity Store The email authentication type must be enabled for an identity store before users can use it for diff --git a/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/windowshello.md b/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/windowshello.md index 13cad2d523..68c3d5fcb6 100644 --- a/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/windowshello.md +++ b/docs/directorymanager/11.1/admincenter/authpolicy/setupauth/windowshello.md @@ -13,7 +13,6 @@ hardware installed, such as fingerprint reader and 3D camera. Windows Hello supports the Microsoft Edge browser only. ::: - ## Enable Windows Hello on Windows 10 1. On the Windows Start menu, select **Settings**. diff --git a/docs/directorymanager/11.1/admincenter/authpolicy/sfa.md b/docs/directorymanager/11.1/admincenter/authpolicy/sfa.md index e357c1c942..b74f22cae4 100644 --- a/docs/directorymanager/11.1/admincenter/authpolicy/sfa.md +++ b/docs/directorymanager/11.1/admincenter/authpolicy/sfa.md @@ -12,7 +12,7 @@ authentication types. Supported authentication types are discussed in the [Authentication Policies - A Comparison](/docs/directorymanager/11.1/admincenter/authpolicy/authpolicy.md) topic. Once enrolled, role members must authenticate their accounts using an authentication type they -enrolled with, while signing into Admin Center or theDirectory Manager portal. Users enrolled with +enrolled with, while signing into Admin Center or the Directory Manager portal. Users enrolled with multiple authentication types can use any one type to authenticate. :::note diff --git a/docs/directorymanager/11.1/admincenter/general/history.md b/docs/directorymanager/11.1/admincenter/general/history.md index 15ba8dd6ec..5a40e411dd 100644 --- a/docs/directorymanager/11.1/admincenter/general/history.md +++ b/docs/directorymanager/11.1/admincenter/general/history.md @@ -62,7 +62,6 @@ of IdentityStoreA will apply to the SMS gateway account creation action and that will apply to the Directory Manager portal creation action. ::: - **Event Logging** In addition to history tracking, Directory Manager provides event logging, which includes file diff --git a/docs/directorymanager/11.1/admincenter/general/licensing.md b/docs/directorymanager/11.1/admincenter/general/licensing.md index a91e822ebf..b847a3b998 100644 --- a/docs/directorymanager/11.1/admincenter/general/licensing.md +++ b/docs/directorymanager/11.1/admincenter/general/licensing.md @@ -70,7 +70,6 @@ license is dependent on the Group Usage Service license, which in turn is depend Management license. ::: - **What happens when your license expires** When a license expires, its respective functions get read-only but you can configure certain diff --git a/docs/directorymanager/11.1/admincenter/securityrole/permissions.md b/docs/directorymanager/11.1/admincenter/securityrole/permissions.md index a30b465e77..f811308d2d 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/permissions.md +++ b/docs/directorymanager/11.1/admincenter/securityrole/permissions.md @@ -144,7 +144,7 @@ Permissions are discussed in the following table: :::tip Remember, Generalized permissions override limited permissions. For example, if Unlock My Account is -denied and Unlock Any Account allowed, role members can unlock all accounts, including their own. +dened and Unlock Any Account allowed, role members can unlock all accounts, including their own. ::: @@ -205,7 +205,6 @@ Permissions are discussed in the following table: | 4. | Modify user / group | Enables role members to update the permissions assigned to users and groups on document libraries in the site. The Type column lists the effective permissions. Role members will only be able to modify the permissions that you enable here. | | 5. | Remove user / group | Enables role members to remove users and groups from the permission list of document libraries in the site. Removed users and groups will not be able to access the respective document library in the site. | - :::note For more information on role permissions, see the [User Roles in Microsoft Entra ID and Directory Manager ](/docs/directorymanager/11.1/admincenter/identitystore/advsentraid.md#user-roles-in-microsoft-entra-id-and-directory-manager) diff --git a/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md b/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md index 9c41d1ea98..bfc75a4fe3 100644 --- a/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md +++ b/docs/directorymanager/11.1/admincenter/securityrole/policy/helpdesk.md @@ -245,7 +245,6 @@ Remember, These settings are available if the _Reset Any Password_ permission is Helpdesk role in the identity store. ::: - ### Specify a Password Reset Method You can enable helpdesk role members to reset user account passwords by any of the following diff --git a/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md b/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md index e0ffd363c2..0ecadc5862 100644 --- a/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md +++ b/docs/directorymanager/11.1/authenticate/asidentityprovider/register.md @@ -42,8 +42,11 @@ store for authentication. Step 7 – Click **Browse** under Identity Provider Image to upload an image for the application, such as the application logo. -NOTE: Supported image formats: .jpg, .bmp, .webp, and .gif +:::note +Supported image formats: .jpg, .bmp, .webp, and .gif Image file dimensions: 210 x 60 pixels +::: + Step 8 – Expand the Advanced section by clicking the down arrow head to specify advanced settings for the application. diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configureadfsindirectorymanager.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configureadfsindirectorymanager.md index 1bab8d557e..f3172e9dae 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configureadfsindirectorymanager.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/configureadfsindirectorymanager.md @@ -85,8 +85,11 @@ FS option as an image or as a button. To display the AD FS option as an image, you have to upload an image for it. On the Create New Provider page, use the Browse button under Identity Provider Image to upload an image for AD FS. -NOTE: Supported image formats: .jpg, .bmp, .webp, .gif +:::note +Supported image formats: .jpg, .bmp, .webp, .gif Required image file dimensions: 210 x 60 pixels +::: + If you do not upload an image, AD FS authentication will be shown as a button. This button would have the same name as you entered in the Name box on the Create New Provider page. diff --git a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md index 2a0134623e..a55aa0c9e7 100644 --- a/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md +++ b/docs/directorymanager/11.1/authenticate/asserviceprovider/adfs/generateurls.md @@ -35,8 +35,11 @@ Step 3 – The URL displayed in the Consumer URL box is a unique identifier for It is used to set up relying party trust in AD FS. Click **Copy** to copy it. Then paste it in a file, preferably a text file, to save it. -NOTE: On upgrade to Directory Manager 11, you must generate the consumer URL again for the Directory +:::note +On upgrade to Directory Manager 11, you must generate the consumer URL again for the Directory Manager client configured with AD FS, and update it in AD FS. +::: + ## Generate Entity ID/Audience URL diff --git a/docs/directorymanager/11.1/configureentraid/createid.md b/docs/directorymanager/11.1/configureentraid/createid.md index b6170666ab..d770cf0e35 100644 --- a/docs/directorymanager/11.1/configureentraid/createid.md +++ b/docs/directorymanager/11.1/configureentraid/createid.md @@ -17,11 +17,14 @@ See the [Create an Identity Store for Microsoft Entra ID](/docs/directorymanager/11.1/admincenter/identitystore/create.md#create-an-identity-store-for-microsoft-entra-id) topic for creating an Microsoft Entra ID identity store. -NOTE: If you intend to use a service account user with Global Administrator directory role, then no +:::note +If you intend to use a service account user with Global Administrator directory role, then no change is required in the default Directory Manager security roles settings of Microsoft Entra ID identity store. And if you intend to use a service account user with any role, other than Global administrator directory role (i.e. User Administrator + Exchange Administrator), then the Directory Manager Administrator security role criteria group must be changed to User Account Administrator. +::: + ## Directory Manager Security Role Setting diff --git a/docs/directorymanager/11.1/configureentraid/register/appregister.md b/docs/directorymanager/11.1/configureentraid/register/appregister.md index b85c6968a3..153449088d 100644 --- a/docs/directorymanager/11.1/configureentraid/register/appregister.md +++ b/docs/directorymanager/11.1/configureentraid/register/appregister.md @@ -77,10 +77,13 @@ Step 10 – On the **All roles** page, add your registered application to a dire Administrators can change passwords for users, Helpdesk administrators, and other User Account Administrators only. - NOTE: By default, the Directory Manager Administrator security role in a Microsoft Entra + :::note + By default, the Directory Manager Administrator security role in a Microsoft Entra IDidentity store binds to Global Administrator. If minimum role assignment for the service account is used, the default Admin Security role criteria should also be changed to the _User Account Administrators_ group. + ::: + Step 11 – Click **Add**. diff --git a/docs/directorymanager/11.1/configureentraid/register/overview.md b/docs/directorymanager/11.1/configureentraid/register/overview.md index f331702785..aa52ea8580 100644 --- a/docs/directorymanager/11.1/configureentraid/register/overview.md +++ b/docs/directorymanager/11.1/configureentraid/register/overview.md @@ -18,7 +18,8 @@ Directory Manager requires: - A Microsoft Entra ID Directory Role for the service account for the Microsoft Entra ID identity store. - NOTE: See the + :::note + See the [All Role](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#all-role) section for [User Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#user-administrator) @@ -26,3 +27,5 @@ Directory Manager requires: [Exchange Administrator](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#exchange-administrator) role permissions in [Microsoft Entra built-in roles](https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#microsoft-entra-built-in-roles). + + ::: diff --git a/docs/directorymanager/11.1/credentialprovider/installcp.md b/docs/directorymanager/11.1/credentialprovider/installcp.md index 506db53604..07c323948c 100644 --- a/docs/directorymanager/11.1/credentialprovider/installcp.md +++ b/docs/directorymanager/11.1/credentialprovider/installcp.md @@ -119,8 +119,11 @@ Having Orca successfully installed, follow these steps to deploy Credential Prov ![Group Policy Management console](/img/product_docs/directorymanager/11.1/portal/user/manage/gp_policy.webp) - NOTE: Group Policy Management console is available if the Group Policy Management feature has + :::note + Group Policy Management console is available if the Group Policy Management feature has been installed. + ::: + 2. Right-click the domain or organizational unit for the computers that you want the Credential Provider installed on. Select **Create a GPO in this domain, and link it here...**: @@ -138,7 +141,10 @@ Having Orca successfully installed, follow these steps to deploy Credential Prov ![New Package option](/img/product_docs/directorymanager/11.1/portal/user/manage/software_installation.webp) - NOTE: This documentation describes steps for editing the default policy. + :::note + This documentation describes steps for editing the default policy. + ::: + 4. Browse to the shared folder. The folder must have the following files in it: diff --git a/docs/directorymanager/11.1/install/configure/setupauthentication.md b/docs/directorymanager/11.1/install/configure/setupauthentication.md index 7c2e95e9ca..f8040faa8b 100644 --- a/docs/directorymanager/11.1/install/configure/setupauthentication.md +++ b/docs/directorymanager/11.1/install/configure/setupauthentication.md @@ -29,7 +29,6 @@ the _public_ role. Therefore, the Directory Manager SQL account belongs to two s _db_creator_ and _public_. ::: - To add the Directory Manager SQL account to the db_creator role: Step 1 – Launch SQL Server Management Console. diff --git a/docs/directorymanager/11.1/install/configure/signingkeyinfo.md b/docs/directorymanager/11.1/install/configure/signingkeyinfo.md index 89924c04d1..2c51adb2b3 100644 --- a/docs/directorymanager/11.1/install/configure/signingkeyinfo.md +++ b/docs/directorymanager/11.1/install/configure/signingkeyinfo.md @@ -28,7 +28,6 @@ authentication mechanism will no longer be considered valid. Therefore, the auth must be updated for schedules using one of the following way: ::: - - Signing Key Utility – See the Signing Key utility guide for information on how to download the utility and update the schedules. - Admin Center – See the Schedules topic and go to the respective schedule page to update its @@ -74,7 +73,6 @@ authentication mechanism will no longer be considered valid. Therefore, the auth must be updated for schedules using one of the following way: ::: - - Signing Key Utility – See the Signing Key utility guide for information on how to download the utility and update the schedules. - Admin Center – See the Schedules topic and go to the respective schedule page to update its @@ -134,7 +132,6 @@ authentication mechanism will no longer be considered valid. Therefore, the auth must be updated for schedules using one of the following way: ::: - - Signing Key Utility – See the Signing Key utility guide for information on how to download the utility and update the schedules. - Admin Center – See the Schedules topic and go to the respective schedule page to update its diff --git a/docs/directorymanager/11.1/install/upgrade/backuprestore.md b/docs/directorymanager/11.1/install/upgrade/backuprestore.md index edf0d70749..fad5f22b85 100644 --- a/docs/directorymanager/11.1/install/upgrade/backuprestore.md +++ b/docs/directorymanager/11.1/install/upgrade/backuprestore.md @@ -158,7 +158,6 @@ Step 2 – Copy all data at the location. Step 3 – Create a new folder (ideally on a different drive) and paste the copied data into that folder. -:::note Note: You do not need to create a backup of scheduled tasks that include report criteria. On restoring, the scheduled tasks remain functional for these reports. ::: diff --git a/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md b/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md index 4d65afa536..56cd5cb699 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/clearmessagingserver.md @@ -9,9 +9,12 @@ sidebar_position: 10 The commandlet Clear-MessagingServer removes the configured messaging server from the specified identity store. -NOTE: This cmdlet will also clear the SMTP settings, notification settings, password expiry +:::note +This cmdlet will also clear the SMTP settings, notification settings, password expiry settings, membership lifecycle notification settings, and managed by notification settings for the identity store. +::: + ## Syntax diff --git a/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md b/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md index 6c85fd4bcc..99557793b8 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/clearsmtpserver.md @@ -8,9 +8,12 @@ sidebar_position: 30 The commandlet Clear-SmtpServer removes the SMTP server configurations from an identity store. -NOTE: This cmdlet will also clear the notification settings for the identity store recipients, +:::note +This cmdlet will also clear the notification settings for the identity store recipients, password expiry group notifications, membership lifecycle notifications, and managed by notification options for the specified identity store. +::: + ## Syntax diff --git a/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md b/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md index 39136b04b4..febfa040ec 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/newidentitystore.md @@ -66,7 +66,10 @@ credentials for the new identity store. New-IdentityStore -IdentityStoreType ActiveDirectory -IdentityStoreName DemoAdStore2 -Credential $cred -Domain pucit.local ``` -NOTE: For an Active Directory based identity store, Domain parameter is mandatory. +:::note +For an Active Directory based identity store, Domain parameter is mandatory. +::: + Example 2: @@ -86,8 +89,11 @@ This example creates an Microsoft Entra ID based identity store. New-IdentityStore -IdentityStoreType MicrosoftAzure -IdentityStoreName DemoAzStore1 -UserName admin@mydomain.onmicrosoft.com -Password password123 -Domain mydomain.onmicrosoft.com -AppId 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee' ``` -NOTE: In case of an Microsoft Entra ID based identity store, Domain and AppId parameters are +:::note +In case of an Microsoft Entra ID based identity store, Domain and AppId parameters are mandatory. +::: + Example 4: @@ -97,8 +103,11 @@ This example creates a Google Apps (Google Workspace) based identity store. New-IdentityStore -IdentityStoreType GoogleWorkspace -IdentityStoreName DemoGStore1 -UserName svcacc@myproject-111222.iam.gserviceaccount.com -AdminUsername admin@mydomain.com -P12CertificatePath 'C:\Keys\gsuite\key.p12' ``` -NOTE: For Google Apps based identity store, AdminUserName and P12CertificatePath parameters are +:::note +For Google Apps based identity store, AdminUserName and P12CertificatePath parameters are mandatory. However, ‘Password’ parameter is ignored. +::: + Example 5: diff --git a/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md b/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md index 61fc0ff87e..90d99dd096 100644 --- a/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md +++ b/docs/directorymanager/11.1/managementshell/identitystore/setidentitystore.md @@ -8,8 +8,11 @@ sidebar_position: 160 The commandlet Set-IdentityStore modifies the identity store settings and configurations. -NOTE: Many parameters of this cmdlet require the user to specify schema attribute names. You can use +:::note +Many parameters of this cmdlet require the user to specify schema attribute names. You can use Get-SchemaAttributes commandlet to retrieve a list of attributes available for an identity store. +::: + ## Syntax @@ -110,9 +113,12 @@ Set-IdentityStore [] ``` -NOTE: You can use the **Set-IdentityStore** commandlet in a secure way by using the _Credential_ +:::note +You can use the **Set-IdentityStore** commandlet in a secure way by using the _Credential_ parameter or by specifying the credentials through _Username_ and _Password_ parameters in plain text format which is not a secure way. +::: + ## Required Parameters @@ -217,8 +223,11 @@ Example 12: This example creates a new role – DemoRole1 – for the AdStore9 identity store by specifying the minimum possible parameters. -NOTE: By default, all permissions are declined to the role created through this commandlet. +:::note +By default, all permissions are declined to the role created through this commandlet. Moreover, no criteria filters or scope (group / container) are added to the role. +::: + ``` Set-IdentityStore -IdentityStoreName AdStore9 -Credential $creds -Domain pucit.local -RoleOperation add -RoleName DemoRole1 -RolePriority 50 -RoleCriteriaScope Container @@ -229,7 +238,10 @@ Example 13: This example creates a new security role – DemoRole1 – in AdStore9 identity store and a container is set as its role criteria. -NOTE: By default, all permissions are declined to the role created through this commandlet. +:::note +By default, all permissions are declined to the role created through this commandlet. +::: + ``` Set-IdentityStore -IdentityStoreName AdStore9 -Credential $creds -Domain pucit.local -RoleOperation add -RoleName DemoRole1 -RolePriority 50 -RoleCriteriaScope Container -RoleCriteriaDN 'ou=workingou,dc=pucit,dc=local' @@ -254,9 +266,12 @@ This example creates a new security role by specifying the container, criteria f permissions. In this example, only Manage My Groups and Create User permissions are granted to the created role. -NOTE: By default, all the permissions except those specified in RolePermissions parameter are denied +:::note +By default, all the permissions except those specified in RolePermissions parameter are denied to the role created through this commandlet. The role permission names can be retrieved from **Get-RolePermissionNames** commandlet. +::: + ``` Set-IdentityStore -IdentityStoreName AdStore9 -Credential $creds -Domain pucit.local -RoleOperation add -RoleName DemoRole6 -RolePriority 55 -RoleCriteriaScope Container -RoleCriteriaDN 'ou=workingou,dc=pucit,dc=local' -RoleCriteriaOperator Or -RoleCriteriaFilters @('name', 'is exactly', 'automate arslanahmadvm'), @('type', 'is not', 'managementshell') -RolePermissions 'manage my groups', 'create user' diff --git a/docs/directorymanager/11.1/managementshell/overview.md b/docs/directorymanager/11.1/managementshell/overview.md index f18b58cc29..a30934f486 100644 --- a/docs/directorymanager/11.1/managementshell/overview.md +++ b/docs/directorymanager/11.1/managementshell/overview.md @@ -31,8 +31,11 @@ stores for creating an identity store: - Generic LDAP - Google Workspace -NOTE: The commandlets covered in this section are for Active Directory and Microsoft Entra ID based +:::note +The commandlets covered in this section are for Active Directory and Microsoft Entra ID based identity stores. +::: + ## Access Directory Manager Management Shell @@ -48,14 +51,20 @@ connect to. ![Login page](/img/product_docs/directorymanager/11.1/managementshell/login.webp) -NOTE: If your required identity store is not listed, contact the Directory Manager administrator. +:::note +If your required identity store is not listed, contact the Directory Manager administrator. +::: + Step 3 – In the **Username** and **Password** boxes, provide the user name and password of your identity store account and click **Sign In**. ![Login page](/img/product_docs/directorymanager/11.1/managementshell/login-2.webp) -NOTE: Click the **Edit** icon if you want to select another identity store to connect to. +:::note +Click the **Edit** icon if you want to select another identity store to connect to. +::: + The Management Shell window appears as follows: @@ -100,8 +109,11 @@ enable-psremoting ![powershellwindow](/img/product_docs/directorymanager/11.1/managementshell/powershellwindow.webp) -NOTE: By default, on Windows Server 2016, Windows PowerShell remoting is enabled. Use this command +:::note +By default, on Windows Server 2016, Windows PowerShell remoting is enabled. Use this command to re-enable remoting on Windows Server 2016 if it becomes disabled. +::: + You have to run this command only one time on each computer that will receive commands. You do not have to run it on computers that only send commands. Because the configuration starts listeners, it diff --git a/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md b/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md index c456f5521a..9258dd7aa9 100644 --- a/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md +++ b/docs/directorymanager/11.1/managementshell/scheduling/newschedule.md @@ -58,7 +58,10 @@ insecure password. New-Schedule -ScheduleName SmuTest1 -IdentityStoreName AdStore8 -UserName user -Password password1 -Targets 'OU=ArslanAhmadOU,OU=WorkingOU,DC=pucit,DC=local', 'OU=ArslanAhmadOU,OU=WorkingOU,DC=pucit,DC=local' -JobType SmartGroup -TriggerType Daily -StartTime '16:56' ``` -NOTE: This example uses insecure credentials. +:::note +This example uses insecure credentials. +::: + Example 2: diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md index 7319cbb0f2..4af62ee173 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/newsmartgroup.md @@ -93,8 +93,11 @@ logged-on to the identity store. New-SmartGroup  -OrganizationalUnit "OU=Recruiting,DC=HR,DC=Imanami,DC=US" -Name "Smart_Training" -GroupAlias "Smart_Training" -MailEnable True -SamAccountName "Smart_Training" -GroupScope "Universal Group" -Type "Distribution" ``` -NOTE: In Microsoft Exchange 2007 and later, mail-enabled groups are created with _Universal Group +:::note +In Microsoft Exchange 2007 and later, mail-enabled groups are created with _Universal Group Scope_. +::: + Example 2: diff --git a/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md b/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md index 5a55c4c7db..7a9ae4324a 100644 --- a/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md +++ b/docs/directorymanager/11.1/managementshell/smartgroup/upgradegroup.md @@ -59,7 +59,10 @@ the parent OU as well as from its child OUs as well. Upgrade-Group -SearchContainerScopeList "1" -SearchContainer "GIDsmart1""OU=Jobs,DC=Demo1,DC=com" GroupType "3" ``` -NOTE: The group types 4 and 5 which are for middle and leaf dynasties are not supported in this +:::note +The group types 4 and 5 which are for middle and leaf dynasties are not supported in this commandlet. See the [Parameters](/docs/directorymanager/11.1/managementshell/parameters.md) topic for additional information on the supported parameters. See the [Parameters](/docs/directorymanager/11.1/managementshell/parameters.md) topic to get information about the parameters which you can use in the Directory Manager Management Shell commandlets. + +::: diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md b/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md index 884af2ca43..324235705e 100644 --- a/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/terminatedirectreports.md @@ -9,7 +9,10 @@ sidebar_position: 40 Use the Terminate-DirectRreports command to terminate user(s). Specify manager of the user you want to terminate. -NOTE: You can perform this function in directory as per your role and permissions. +:::note +You can perform this function in directory as per your role and permissions. +::: + ## Syntax diff --git a/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md b/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md index d99fc215c3..da77136873 100644 --- a/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md +++ b/docs/directorymanager/11.1/managementshell/userlifecycle/transferdirectreports.md @@ -9,7 +9,10 @@ sidebar_position: 50 Use the Transfer-DirectReports commandlet to transfer direct report(s) in the connected identity store. Specify manager who will approve this transfer. -NOTE: You can perform this function in directory as per your role and permissions. +:::note +You can perform this function in directory as per your role and permissions. +::: + ## Syntax diff --git a/docs/directorymanager/11.1/portal/entitlement/fileservers.md b/docs/directorymanager/11.1/portal/entitlement/fileservers.md index e1447565b8..6eb4a4fe94 100644 --- a/docs/directorymanager/11.1/portal/entitlement/fileservers.md +++ b/docs/directorymanager/11.1/portal/entitlement/fileservers.md @@ -40,7 +40,9 @@ displayed, showcasing the following information: ![fileservercard](/img/product_docs/directorymanager/11.1/portal/entitlement/fileservercard.webp) -**NOTE: Date format: mm/dd/yyyy** +:::note +Date format: mm/dd/yyyy +::: - For child folders, the path is as: servername.parentsharedfoldername. diff --git a/docs/directorymanager/11.1/portal/entitlement/sharepointsites.md b/docs/directorymanager/11.1/portal/entitlement/sharepointsites.md index 75535e2d12..9034ea4127 100644 --- a/docs/directorymanager/11.1/portal/entitlement/sharepointsites.md +++ b/docs/directorymanager/11.1/portal/entitlement/sharepointsites.md @@ -36,7 +36,9 @@ showcasing the following information: - The date and time the library was last created. -**NOTE: Date format: mm/dd/yyyy** +:::note +Date format: mm/dd/yyyy +::: - You can view the files and folders within a document library till the nth level. Double-click a folder card to view its direct child files and folders. Continue till the nth level. @@ -53,7 +55,7 @@ are listed in the right pane. Information includes: - The date and time the file/folder was created and the number of files and folders that reside - directly in the selected folder. +directly in the selected folder. For example, if the folder contains a folder, ABC, that further contains 3 folders, the direct sub file/folder count will be 1, not 4. @@ -64,7 +66,7 @@ Information includes: Use the search box to filter the listing. - Add new users who can have permissions on the file/folder in a site. You can permanently or - temporarily add users. +temporarily add users. You can select multiple users and collectively assign them the same permissions. diff --git a/docs/directorymanager/11.1/portal/group/create/EntraID/group.md b/docs/directorymanager/11.1/portal/group/create/EntraID/group.md index f199d8c1c4..7c428feb3f 100644 --- a/docs/directorymanager/11.1/portal/group/create/EntraID/group.md +++ b/docs/directorymanager/11.1/portal/group/create/EntraID/group.md @@ -57,11 +57,12 @@ Follow the steps to create a Smart Group. The **Create Group** wizard opens to the **Group Type** page. :::tip - Remember, pages and fields on the Create Group wizard may vary, since the administrator can + Remember, pages and fields on the Create Group wizard may vary, since the administrator can customize the wizard by adding or removing tabs and fields. ::: + 2. On the [Group Type page](/docs/directorymanager/11.1/portal/group/create/grouptype.md) page, select the **Smart Group** option button and click **Next**. 3. On the [General page](/docs/directorymanager/11.1/portal/group/create/AD/general.md) page, specify basic information about the group. diff --git a/docs/directorymanager/11.1/portal/group/dynasty/AD/createdynasty.md b/docs/directorymanager/11.1/portal/group/dynasty/AD/createdynasty.md index 8d3597d8ef..749b73bd08 100644 --- a/docs/directorymanager/11.1/portal/group/dynasty/AD/createdynasty.md +++ b/docs/directorymanager/11.1/portal/group/dynasty/AD/createdynasty.md @@ -38,7 +38,6 @@ based identity store, since an Office 365 group cannot have groups as its member mail-enabled Dynasties of the security group type are supported. ::: - **Naming conventions for Child Dynasties** Dynasty names help you group a parent Dynasty with its respective child Dynasties. diff --git a/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md b/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md index 622e3bc225..cd4a00cc8e 100644 --- a/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md +++ b/docs/directorymanager/11.1/portal/group/properties/dynastyoptions.md @@ -16,8 +16,11 @@ membership. You can: Your changes will be reflected on the next update of the Dynasty. -NOTE: Advanced Dynasty options are available for Dynasties of the parent and middle level, but not +:::note +Advanced Dynasty options are available for Dynasties of the parent and middle level, but not for the leaf level. +::: + ## For an Organizational/Geographical/Custom Dynasty @@ -33,6 +36,51 @@ length must not exceed the number of characters supported by the respective mess Also, the alias must not contain characters that are invalid for the configured messaging system. The following table lists the valid characters the supported messaging systems. +| Messaging System | Valid Characters | +| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Exchange Server 2013, Exchange Server 2016, Exchange Server 2019 | - Uppercase letters (A–Z) - Lowercase letters (a–z) - Numeric digits (0–9) - Special characters: `#`, `--- +title: "Dynasty Options tab" +description: "Group properties - Dynasty Options tab" +sidebar_position: 100 +--- + +# Dynasty Options tab + +Directory Managerprovides advanced options that you can use to enhance the Dynasty structure and its +membership. You can: + +- Modify the attributes an Organizational/Geographical/Custom Dynasty is build on +- Modify the structure of a managerial Dynasty +- Edit the template used to generate the alias and display names of child groups +- Control the attribute inheritance behavior + +Your changes will be reflected on the next update of the Dynasty. + +:::note +Advanced Dynasty options are available for Dynasties of the parent and middle level, but not +for the leaf level. +::: + + +## For an Organizational/Geographical/Custom Dynasty + +**Alias Template** + +This setting generates the alias names of child groups. **%GROUPBY%** is replaced with the actual +value of the Attributes. + +If Exchange Server is the designated messaging system for the identity store, the alias length is +limited to 64 characters and must be unique to the forest. For other messaging systems, the alias +length must not exceed the number of characters supported by the respective messaging system. + +Also, the alias must not contain characters that are invalid for the configured messaging system. +The following table lists the valid characters the supported messaging systems. + +| Messaging System | Valid Characters | +| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +, `%`, `&`, `'`, `*`, `+`, `-`, `/`, `=`, `?`, `^`, `_`, `` ` ``, `\{`, `\|`, `\}`, `~` - Periods (`.`) are allowed, but each must be preceded and followed by at least one other valid character | +| All other messaging systems | - Uppercase letters (A–Z) - Lowercase letters (a–z) - Numeric digits (0–9) | +======= | Messaging System | Valid Characters | | --- | --- | | Exchange Server 2013, Exchange Server 2016, Exchange Server 2019 | | @@ -97,7 +145,8 @@ managers as members of a single group. You can view and change these structure options for parent and middle Dynasties. For details, see the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/AD/dynastyoptionsmanagerial.md). -NOTE: (1) If the **Set manager as owner** check box is selected, the **Always inherit** option is +:::note +(1) If the **Set manager as owner** check box is selected, the **Always inherit** option is set for Inheritance, and the managedBy attribute is specified for inheritance, the **Set manager as owner** option takes priority over the managedBy attribute inheritance. Hence, the manager of a child Dynasty would be set as its respective primary owner. @@ -107,6 +156,8 @@ child Dynasty may be updated, depending on the Dynasty inheritance options. For **Always inherit** option is set for Inheritance and the managedBy attribute is specified for inheritance, the primary owner of the parent Dynasty would be set as the primary owner for all child Dynasties, replacing their respective primary owners. +::: + **Attributes** @@ -158,13 +209,220 @@ length must not exceed the number of characters supported by the respective mess Also, the alias must not contain characters that are invalid for the configured messaging system. The following table lists the valid characters the supported messaging systems. -| Messaging System | Valid Characters | -| --- | --- | -| Exchange Server 2013, Exchange Server 2016, Exchange Server 2019 | | -| All other messaging systems | | +| Messaging System | Valid Characters | +| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Exchange Server 2013, Exchange Server 2016, Exchange Server 2019 | - Uppercase letters (`A–Z`) - Lowercase letters (`a–z`) - Numeric digits (`0–9`) - Special characters: `#`, `--- +title: "Dynasty Options tab" +description: "Group properties - Dynasty Options tab" +sidebar_position: 100 +--- + +# Dynasty Options tab + +Directory Managerprovides advanced options that you can use to enhance the Dynasty structure and its +membership. You can: + +- Modify the attributes an Organizational/Geographical/Custom Dynasty is build on +- Modify the structure of a managerial Dynasty +- Edit the template used to generate the alias and display names of child groups +- Control the attribute inheritance behavior + +Your changes will be reflected on the next update of the Dynasty. + +:::note +Advanced Dynasty options are available for Dynasties of the parent and middle level, but not +for the leaf level. +::: + + +## For an Organizational/Geographical/Custom Dynasty + +**Alias Template** + +This setting generates the alias names of child groups. **%GROUPBY%** is replaced with the actual +value of the Attributes. + +If Exchange Server is the designated messaging system for the identity store, the alias length is +limited to 64 characters and must be unique to the forest. For other messaging systems, the alias +length must not exceed the number of characters supported by the respective messaging system. + +Also, the alias must not contain characters that are invalid for the configured messaging system. +The following table lists the valid characters the supported messaging systems. + +| Messaging System | Valid Characters | +| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Exchange Server 2013, Exchange Server 2016, Exchange Server 2019 | - Uppercase letters (A–Z) - Lowercase letters (a–z) - Numeric digits (0–9) - Special characters: `#`, `--- +title: "Dynasty Options tab" +description: "Group properties - Dynasty Options tab" +sidebar_position: 100 +--- + +# Dynasty Options tab + +Directory Managerprovides advanced options that you can use to enhance the Dynasty structure and its +membership. You can: + +- Modify the attributes an Organizational/Geographical/Custom Dynasty is build on +- Modify the structure of a managerial Dynasty +- Edit the template used to generate the alias and display names of child groups +- Control the attribute inheritance behavior + +Your changes will be reflected on the next update of the Dynasty. + +:::note +Advanced Dynasty options are available for Dynasties of the parent and middle level, but not +for the leaf level. +::: + + +## For an Organizational/Geographical/Custom Dynasty + +**Alias Template** + +This setting generates the alias names of child groups. **%GROUPBY%** is replaced with the actual +value of the Attributes. + +If Exchange Server is the designated messaging system for the identity store, the alias length is +limited to 64 characters and must be unique to the forest. For other messaging systems, the alias +length must not exceed the number of characters supported by the respective messaging system. + +Also, the alias must not contain characters that are invalid for the configured messaging system. +The following table lists the valid characters the supported messaging systems. + +| Messaging System | Valid Characters | +| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +, `%`, `&`, `'`, `*`, `+`, `-`, `/`, `=`, `?`, `^`, `_`, `` ` ``, `\{`, `\|`, `\}`, `~` - Periods (`.`) are allowed, but each must be preceded and followed by at least one other valid character | +| All other messaging systems | - Uppercase letters (A–Z) - Lowercase letters (a–z) - Numeric digits (0–9) | **Display Name Template** +The template to use to generate the display names of the child groups. **%GROUPBY%** is replaced +with the actual value of theAttributes. + +**Attributes** + +Dynasties create Smart Groups for each distinct value of each attribute listed in the **Attributes** +area. + +You can view and change the attributes for parent and middle Dynasties. + +- Click **Add** to select a new attribute to add a new level to the Dynasty. +- Select an attribute and click **Edit** to modify it. +- Click **Remove** to remove the selected attribute. + +See the [Dynasty Options page](/docs/directorymanager/11.1/portal/group/dynasty/AD/dynastyoptionsorggeocus.md) for details. + +**Inheritance** + +Use this setting to specify when Dynasty children inherit attributes. Options are: + +- **Inherit on creation**: Dynasty children will inherit the attributes’ values only when the + Dynasty is created. Moreover, whenever a new child group is created, it will inherit the + attributes’ values. +- **Always inherit**: Dynasty children will inherit the attributes’ values every time the parent + Dynasty is updated. +- **Never inherit**: Dynasty children will never inherit attribute values from the parent. + +The attributes to be inherited are specified at the identity store level. See Dynasty Settings. + +When, for a child Dynasty, you change the value of an inherited attribute, the new value may or may +not persist, depending on the inheritance option selected for the parent Dynasty. Here is an +example: + +Suppose the administrator has set the managedBy attribute for inheritance. + +- With the **Always inherit** option selected for the parent Dynasty, any modifications made to the + value of the managedBy attribute for a child Dynasty will be replaced with the value of the + managedBy attribute set for the parent Dynasty, whenever the Dynasty is updated. +- With the **Never inherit** option selected, any modifications made to the value of the managedBy + attribute for a child Dynasty will persist after update + +## For a Managerial Dynasty + +Top Manager, Include manager as member, Set manager as owner, Create a Flat managerial list, Exclude +nested lists of direct reports, Create groups in same container as manager, Create groups in this +container + +When you create a managerial Dynasty, you specify a Dynasty structure that determines how query +results are grouped. + +For example, you specify whether you want to create a separate Smart Group for the direct reports of +the top manager and sub-level managers, or add all direct reports of the top manager and sub-level +managers as members of a single group. + +You can view and change these structure options for parent and middle Dynasties. For details, see +the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/AD/dynastyoptionsmanagerial.md). + +:::note +(1) If the **Set manager as owner** check box is selected, the **Always inherit** option is +set for Inheritance, and the managedBy attribute is specified for inheritance, the **Set manager as +owner** option takes priority over the managedBy attribute inheritance. Hence, the manager of a +child Dynasty would be set as its respective primary owner. +(2) When you clear the **Set manager as owner** check box, the manager set as the primary owner of a +parent Dynasty will not be removed. However, when the Dynasty is updated, the primary owner of a +child Dynasty may be updated, depending on the Dynasty inheritance options. For example, if the +**Always inherit** option is set for Inheritance and the managedBy attribute is specified for +inheritance, the primary owner of the parent Dynasty would be set as the primary owner for all child +Dynasties, replacing their respective primary owners. +::: + + +**Attributes** + +Set a custom attribute to create a managerial lineage in the context of this attribute. + +See the [Dynasty Options page (Managerial Dynasty)](/docs/directorymanager/11.1/portal/group/dynasty/AD/dynastyoptionsmanagerial.md)for a +discussion on attributes. + +In addition to the scenarios discussed, the following also apply on Dynasty update: + +- Specify the ‘XadditionalManager’ attribute in addition to the ‘Manager’ attribute for a parent + managerial Dynasty. + + On update, new child Dynasties are created with respect to the additional manager attribute data + and added in their respective managers’ direct reports and additional manager's direct reports. + +- Remove the ‘XadditionalManager’ attribute for a parent managerial Dynasty. + + On update, the direct reports of users created with respect to the additional manager attribute + data are removed from their respective managers’ and additional managers’ direct reports. + + If the Delete Empty and Orphan Dynasty children setting is applied, direct reports of users + created due to the additional manager attribute data are not only removed from their respective + managers’ and additional managers’ direct reports; they also get deleted. + +**Alias Template** + +This setting is used to generate the alias names of the Dynasty's child groups. **%MANAGER%** is +replaced with the alias of the manager being processed. Normally, the mailnickname attribute is used +to store the alias. However, if this attribute is not set, then **%MANAGER%** is replaced with the +display name of the manager. + +To use an attribute other than mailNickname for generating the alias for child groups, update the +**%MANAGER%** statement with the desired attribute name. Note that the value of the attribute must +be unique. + +Example using the cn attribute: + +%MANAGER.cn% + +Example using the name attribute: + +%MANAGER.name% + +If Exchange Server is the designated messaging system for the identity store, the alias length is +limited to 64 characters and must be unique to the forest. For other messaging systems, the alias +length must not exceed the number of characters supported by the respective messaging system. + +Also, the alias must not contain characters that are invalid for the configured messaging system. +The following table lists the valid characters the supported messaging systems. + +| Messaging System | Valid Characters | +| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +, `%`, `&`, `'`, `*`, `+`, `-`, `/`, `=`, `?`, `^`, `_`, `` ` ``, `\{`, `\|`, `\}`, `~` - Periods (`.`) are allowed in aliases, but each must be preceded and followed by at least one other valid character | +| All other messaging systems | - Uppercase letters (`A–Z`) - Lowercase letters (`a–z`) - Numeric digits (`0–9`) | +**Display Name Template** + The template is used to generate the display names of the Dynasty's child groups. **%MANAGER%** is replaced with the display name of the manager being processed. To use an attribute other than displayName to name the child groups, update the **%MANAGER%** statement with the desired attribute @@ -178,9 +436,12 @@ Example using the name attribute: %MANAGER.name% -NOTE: For a managerial Dynasty, the **%MANAGER%** variable for the alias and display name templates +:::note +For a managerial Dynasty, the **%MANAGER%** variable for the alias and display name templates must be the same. The selected attribute must be a string and cannot include characters that are not supported in pre-Windows 2000 group names. +::: + **Inheritance** diff --git a/docs/directorymanager/11.1/portal/group/properties/owner.md b/docs/directorymanager/11.1/portal/group/properties/owner.md index d319dbfa94..34af5e1171 100644 --- a/docs/directorymanager/11.1/portal/group/properties/owner.md +++ b/docs/directorymanager/11.1/portal/group/properties/owner.md @@ -80,7 +80,6 @@ The **Additional Owners** grid displays the following information: | Ending | Displays the ending date of the temporary addition or removal. | | Do not notify | By default, all group-related notifications (such as expiry, deletion, and renewal notifications) are sent to the primary owner and all additional owners, so they can take the necessary action indicated.
To exclude an additional owner from receiving notifications, select the **Do not notify** check box.
**NOTE:** When a Smart Group Update job runs on a group, the notification behavior is as follows: Even when the **Do not Notify** check box is selected, the additional owner will receive the notifications if the administrator has included its email address for job-specific notifications. | - :::note For each column, a filter is also available that lets you filter records based on a criterion. For example; to show objects whose display names start with D, type D in the box under the **Name** diff --git a/docs/directorymanager/11.1/portal/group/querydesigner/general.md b/docs/directorymanager/11.1/portal/group/querydesigner/general.md index 7031ca6842..e610ee3e7d 100644 --- a/docs/directorymanager/11.1/portal/group/querydesigner/general.md +++ b/docs/directorymanager/11.1/portal/group/querydesigner/general.md @@ -21,7 +21,6 @@ The following table lists the options available on the **General** tab for each | Custom | By default, it includes all object options for Messaging System Recipients, Computers, and Users, Contact, and Groups. For this reason, the General tab does not display any option for this object type. | | Users, Contacts and Groups | | - :::note The Computer and Contact object types are not supported in a Microsoft Entra ID identity store. diff --git a/docs/directorymanager/11.1/portal/login.md b/docs/directorymanager/11.1/portal/login.md index 637b353003..21f7ce930b 100644 --- a/docs/directorymanager/11.1/portal/login.md +++ b/docs/directorymanager/11.1/portal/login.md @@ -62,7 +62,6 @@ Microsoft Entra ID MFA enabled users cannot log into Directory Manager using th and password. They will be authenticated through the SAML provider configured in Directory Manager. ::: - **With a SAML Provider** You can opt for single sign-on across all Directory Manager clients by configuring a SAML provider diff --git a/docs/directorymanager/11.1/portal/user/properties/AD/useroverview/organization.md b/docs/directorymanager/11.1/portal/user/properties/AD/useroverview/organization.md index 783749645c..c885eb50c3 100644 --- a/docs/directorymanager/11.1/portal/user/properties/AD/useroverview/organization.md +++ b/docs/directorymanager/11.1/portal/user/properties/AD/useroverview/organization.md @@ -39,7 +39,6 @@ manager set as the approver. If the administrator disables the workflow or chang approver, the flow changes accordingly. See the [Requests](/docs/directorymanager/11.1/portal/request/overview.md) topic. ::: - **Manager** Displays the contact/user's primary manager, if specified. The user/contact can change his or her @@ -95,7 +94,6 @@ This section displays a list of the additional managers of the user or contact. | Beginning | Shows the beginning date of the temporary addition or removal. | | Ending | Shows the ending date of the temporary addition or removal. | - :::note For each column, a filter is also available that lets you filter records based on a criterion. For example; to show objects whose display names start with D, type D in the box under the Name diff --git a/docs/directorymanager/11.1/portal/user/properties/EntraID/identity.md b/docs/directorymanager/11.1/portal/user/properties/EntraID/identity.md index f08dbf62d0..182e15f4fa 100644 --- a/docs/directorymanager/11.1/portal/user/properties/EntraID/identity.md +++ b/docs/directorymanager/11.1/portal/user/properties/EntraID/identity.md @@ -42,7 +42,6 @@ on. It simply indicates the user's relationship to the host organization and all to enforce policies that depend on this property. ::: - **Object ID** The unique ID assigned to the object in Microsoft Entra ID.