2.1 Web Console

The Web Console is a Web-based user interface that provides quick and easy access to many user account, group, computer, resource, and Microsoft Exchange mailbox tasks. You can customize object properties to increase efficiency of routine tasks. You can also manage general properties of your own user account, such as the street address or cell phone number.

The Web Console displays a task only if you have the power to perform that task.

2.1.1 Starting the Web Console

You can start the Web Console from any computer running Internet Explorer. To start the Web Console, specify the appropriate URL in your Web browser address field. For example, if you installed the Web component on the HOUserver computer, type https://HOUserver.entDomain.com/draclient in the address field of your Web browser.

NOTE: To display the most current account and Microsoft Exchange information in the Web Console, set your Web browser to check for newer versions of cached pages at every visit.

2.1.2 Configuring the Web Console

With appropriate powers, you can configure all the required server connections and integrations, Auto Logout behavior, and Advanced Authentication in the Web Console.

Auto Logout

You can define a time increment for the Web Console to log out automatically after inactivity or set it to never log out automatically.

To configure Auto Logout in the Web Console, navigate to Administration > Configuration > Auto Logout.

DRA Server Connection

You can configure one of three options in the Web Console to define DRA server connection options when logging in.

  • Always use the default DRA server location (Always)

  • Never use the default DRA server location (Never)

  • Only use the default DRA server location if it is selected (Only If Selected)

The behavior for each option, when logging in, is described below:

For each Connection Configuration, the Login Screen options and their Connection Option Descriptions are:

Always

  • None: Option configurations are disabled

Never

  • Use automatic discovery: Finds a DRA server automatically; no configuration options are available

  • Connect to a specific DRA server: The user configures the server and port

  • Connect to a server that manages a specific domain: The user provides a managed domain and chooses a connection option:

    • Use automatic discovery (in the domain provided)

    • Primary server for this domain

    • Search for a DRA server (in the domain provided)

Only If Selected

  • Use automatic discovery: Finds a DRA server automatically; no configuration options are available

  • Connect to the default DRA server: The default server is selected and the DRA server configuration is disabled

  • Connect to a specific DRA server: The user configures the server and port

  • Connect to a server that manages a specific domain: The user provides a managed domain and chooses a connection option:

    • Use automatic discovery (in the domain provided)

    • Primary server for this domain

    • Search for a DRA server (in the domain provided)

To configure the DRA Server connection in the Web Console, navigate to Administration > Configuration > DRA Server Connection.

REST Server Connection

The configuration for the REST Service connection includes setting a default server location and a connection timeout, in seconds. You can configure one of three options in the Web Console to define REST Service connection options when logging in.

  • Always use the default REST Service location (Always)

  • Never use the default REST Service location (Never)

  • Only use the default REST Service location if it is selected (Only If Selected)

The behavior for each option, when logging in, is described below:

For each Connection Configuration, the Login Screen options and their Connection Option Descriptions are:

Always

  • None: Option configurations are disabled

Never

  • Use automatic discovery: Finds a REST server automatically; no configuration options are available

  • Connect to a specific REST server: The user configures the server and port

  • Connect to a REST server in a specific domain: The user provides a managed domain and chooses a connection option:

    • Use automatic discovery (in the domain provided)

    • Search for a REST server (in the domain provided)

Only If Selected

  • Use automatic discovery: Finds a REST server automatically; no configuration options are available

  • Connect to the default REST server: The default REST server is selected and the REST server configuration is disabled

  • Connect to a specific REST server: The user configures the server and port

  • Connect to a REST server in a specific domain: The user provides a managed domain and chooses a connection option:

    • Use automatic discovery (in the domain provided)

    • Search for a REST server (in the domain provided)

To configure the REST Service connection in the Web Console, navigate to Administration > Configuration > REST Service Connection.

Advanced Authentication

Advanced Authentication lets you move beyond a simple user name and password to a more secure way of protecting sensitive information by using multi-factor authentication. Multi-factor authentication is a method of computer access control that requires more than one method of authentication from separate categories of credentials to verify a user's identity.

After the DRA Administrator configures chains and events, if you have the required powers, you can log into the Web Console and enable Advanced Authentication. Once authentication is enabled, every user will be required to authenticate through Advanced Authentication before being given access to the Web Console.

To enable Advanced Authentication, log in to the Web Console and navigate to Administration > Configuration > Advanced Authentication. Select the Enabled check box and configure the form according to the instructions provided for each field.

For more information about Advanced Authentication, see Authentication in the Directory and Resource Administrator Administrator Guide.

Integration Servers

DRA integrates with a Workflow Automation server and Change Guardian servers to provide access to automated workflow forms and Unified Change History (UCH) reports, respectively. With the required powers, you can configure the connection with the Workflow Automation server and one or more Change Guardian servers.

Configuring the Workflow Automation Server

To use Workflow Automation in DRA, the Workflow Engine must be installed on a Windows Server where the automated workflows are created. DRA integration with the Workflow Automation server is configured in the Web Console.

To configure the Workflow Automation server, log in to the Web Console and navigate to Administration > Integrations > Workflow Automation.

Configuring Unified Change History Servers

To configure UCH servers:

  1. Launch the Web Console and log in with AA credentials.

  2. Go to Administration > Integrations > Unified Change History and click the Add icon.

  3. Specify the UCH server name or IP address, port number, server type, and access account details in the Unified Change History configuration.

  4. Test the server connection and click OK to save the configuration.

  5. Add additional servers as required.

2.1.3 Customizing the Web Console

In the Web Console, you can customize object properties and the user interface branding. When implemented correctly, property customizations will help to automate tasks with object management.

Customizing Property Pages

You can customize the object property forms that you use in your Active Directory management role by object type. This includes creating and customizing new object pages that are based on object types that are built into DRA. You can also modify properties for the built-in object types.

Property objects are clearly defined in the Property Pages list in the Web Console so you can easily identify which object pages are built-in, which built-in pages are customized, and which pages are not built-in and were created by an administrator.

Customizing an Object Property Page

You can customize object property forms by adding or removing pages, by modifying existing pages and fields, and by creating custom handlers for property attributes. When you create custom handlers, they automatically execute when a property field changes or when an administrator responds to a prompt to run a query, depending on how the custom handler is configured.

The object list in Property Pages provides two operation types for each object type, Create Object and Edit Properties. These are the principal operations that you perform in the Web Client, and your customizations can improve your efficiency and experience when managing Active Directory objects in DRA.

To customize an object property page in the Web Console:

  1. Navigate to Customization > Property Pages.

  2. Select an object and operation type (create or edit) in the Property Pages list.

  3. Click the Edit button.

  4. Customize the object property form by doing one or more of the following, and then applying your changes:

    • Add a new property page: Add Page

    • Select a property page and customize the page:

      • Reorder configuration fields in the page

      • Edit fields or subfields

      • Add one or more fields: Add Field

      • Remove one or more fields

    • Create custom handlers for properties by using scripts, message boxes, or queries (LDAP, DRA, or REST)

      For more information about using custom handlers, see Adding Custom Handlers.

Adding Custom Handlers

Custom handlers are used in DRA so that property attributes can interact with each other to accomplish a workflow task. Examples of property custom handlers include querying the value of other fields, updating values, toggling a field’s read-only state, and showing or hiding fields based on configured variables.

DRA also simplifies the creation of custom handlers with several selectable JavaScript (JS) macros that you can choose from in the custom handler creation and validation process.

Basic steps for creating a custom handler:

The steps below begin from a pre-selected custom handler page. To get to that point, you access object property custom handlers via the edit button on a property field.

  1. Click the Custom Handlers tab and enable the page.

  2. Choose a custom handler from the drop-down menu, and select an execution time. Normally, you would use the second or third options for Execution Time.

    NOTE: Typically you may only require one custom handler, but you can use more than one handler by configuring flow controls in the script to link handlers together.

  3. You will need to configure each custom handler that you add to the page. Configuration options vary by handler type, but all of the handlers execute from JavaScript.

    You can create your own vanilla JavaScript entries or use the built-in macros.

    • LDAP or REST Query handlers:

      1. If you want your query to be based on static values, define Connection Information and Query Parameters.

        If you want your query to be dynamic, enter placeholder text in the mandatory fields. This is required in order for the script to execute. The script will override the placeholder values.

        NOTE: You can also configure Headers and Cookies for the REST Query.

      2. In Pre-Query Action, select a macro type: Global, Query, or Form Field.

      3. Choose a macro from the drop-down list, and insert the macro (</> Insert Macro).

      4. Insert other macros as needed, and then provide the desired values to complete the script.

        As an example, in the Pre-Query Action we’ll use a script to validate that a group name entered by a user does not already exist in Active Directory when the form is submitted.

        We need to create an LDAP query using the name entered by the user. We use the Field() macro to access the value of the Name field and build the query string which we then set as the query filter using the Filter() macro.

        Filter() = '(&(objectCategory=group)(objectClass=group)(name=' + Field(name) + '))';

      5. Following through with the example above, in the Post-Query Action we'll check the results returned by the query. The results are returned as an array of objects that matched the query, so we just need to check if the length of the array is greater than 0.

        When a matching group is found, we use the Cancel() macro to cancel the form submission, passing the macro an optional message to display to the user.

        if (QueryResults().length > 0) { Cancel('A group with that name already exists, please enter a unique name.');}

    • Script: Insert custom JavaScript code or use the macros to build the script.

    • DRA Query: For the Query Parameters, define a payload in JSON format. Then use macros in similar fashion as described above for LDAP and REST queries.

    • Message Box handlers: After defining the properties of the message box itself, use macros in similar fashion as described above for LDAP and REST queries, but instead of Pre-Query and Post-Query actions, you compose the macro scripts for Before-Show and After-Close actions.

  4. Click Test Handlers to validate your script before saving the form.

    This will generate a Test Result Summary where you can view the execution results.

NOTE: If the handler depends on the current state of the form (for example, the field has a value), it will not execute successfully, since no data is loaded when editing a form. In those cases the handler will need to be tested outside the form editor by saving the customization, navigating to the appropriate form, and filling in the required data.
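
The group-name filter in the Pre-Query example above concatenates the field value directly into the LDAP filter, so a name containing ( ) * or \ produces a malformed or broader query than intended. The following added example (not DRA product code) escapes the value per RFC 4515 before building the same filter; escapeLdapFilterValue and buildGroupNameFilter are hypothetical helper names, and assigning the result with the Filter() macro is an assumption.

```javascript
// Added example, not DRA product code. Helper names are hypothetical.
// RFC 4515: these characters must be written as \XX inside a filter value.
const LDAP_FILTER_ESCAPES = {
  '\\': '\\5c',
  '*': '\\2a',
  '(': '\\28',
  ')': '\\29',
  '\0': '\\00',
};

function escapeLdapFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) => LDAP_FILTER_ESCAPES[ch]);
}

// Same filter shape as the page's example, with the name escaped.
function buildGroupNameFilter(name) {
  const value = String(name);
  if (value.length === 0) {
    throw new Error('Group name is required');
  }
  return '(&(objectCategory=group)(objectClass=group)(name=' +
    escapeLdapFilterValue(value) + '))';
}

// Unescaped concatenation, as in the page's example, for comparison.
function concatenatedFilter(name) {
  return '(&(objectCategory=group)(objectClass=group)(name=' + name + '))';
}

// Constructed sample names (not from the page).
const sampleNames = ['Helpdesk', 'Sales (EMEA)', '*', 'Ops\\Tier2'];
for (const name of sampleNames) {
  console.log('input       :', name);
  console.log('concatenated:', concatenatedFilter(name));
  console.log('escaped     :', buildGroupNameFilter(name));
}

// In a handler this would be assigned as on the page (assumption):
//   Filter() = buildGroupNameFilter(Field(name));
```

With the escaped form, a name of * is compared literally instead of matching every group, so the Post-Query length check fires only on a real duplicate.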

Creating a New Object Property Page

To create a new object property page:

  1. Log in to the Web Console and navigate to Customization > Property Pages.

  2. Under Tasks, click Create New Action.

  3. Create the initial object properties form by defining its name, icon, object type, and operation configuration.

  4. Customize the new form as required. See Customizing an Object Property Page.

Customizing User Interface Branding

You can customize the title bar of the DRA Web Console with your own title and logo image. The placement is directly to the right of the DRA product name. Since this location is also used for top-level navigation, it is hidden by the top-level DRA navigation links after logging in. However, the browser tab continues to display the customized title.

To customize the title branding in DRA:

  1. Log in to the Web Console and navigate to Customization > Branding.

  2. If you are adding a company logo, save the logo image in components\lib\img on the Web Server.

  3. Add the required information, as applicable, for the three fields on the branding customization page and save your changes.

2.1.4 Managing Objects in the Web Console

You manage objects in the Web Console by navigating to the Management masthead. From here, you can search by object type for objects in domains, containers, and the Recycle Bin. In the Tasks pane you can create new objects, add and remove members from groups, and move objects.

If you select an object in the search results list, all applicable actions that you can take on that object are displayed in icon tiles above the grid. The options available are based on the object type selected, the components currently configured for DRA, and your assigned administrator privileges.

To edit an object’s properties, select the object and click the Properties tile. From here, you can access all the object’s property pages in the left navigation pane.

IMPORTANT: If you want to protect an object from accidental deletion, scroll to the bottom of the General Properties page, select the check box to enable this feature, and Apply the changes.

For more information about actions you can take on objects, see the following topics:

2.1.5 Utilizing Unified Change History (UCH)

For information on configuring UCH servers, see Configuring Unified Change History Servers.

Searching and Generating Unified Change History Reports

You can search all unified change reports or narrow the search by using the search options. You can only view UCH reports from the Web Console. If you search without parameters, all UCH reports are listed. Adding search parameters will filter which reports are returned in the search.

IMPORTANT: To generate UCH reports, you should have the Generate UI Reports power.

To search for and generate Unified Change History Reports:

  1. Launch the Web Console.

  2. Go to Management > Search.

  3. Execute your search with or without any of the name, location, or child container criteria.

    If no criteria are used, the search results will return all objects. To narrow the results, include search criteria.

  4. Click the Search icon to display the search results.

  5. Select the objects for which you want to generate reports.

  6. Click the View Change History Reports icon.

    In the Change History Report Criteria, you can edit and generate your report using the criteria such as report types, target objects, start date, end date, maximum rows, or servers (DRA or Change Guardian Server).

  7. Click Generate to fetch audit data and to generate a UCH report.

  8. You can sort and export the report into a required format such as CSV and HTML.

Viewing the Unified Change History Properties

To view the properties of a UCH configured server, navigate to Administration > Integrations > Unified Change History, select the configured server, and then click the Options menu to perform any of the following actions:

  • Properties: View and update UCH properties.

  • Test Connection: Verify the server connection.

  • Delete: Delete the configured UCH server.

2.1.6 Accessing a User’s Change History

You can use the Web Console to view a history of the changes made to or by a user. You can view the following types of changes:

  • Changes made by the user

  • Changes made to the user

  • User mailboxes created by the user

  • User mailboxes deleted by the user

  • Group and contact email addresses established by the user

  • Group and contact email addresses deleted by the user

  • Virtual attributes created or disabled by the user

  • Objects moved by the user

To view or generate the Change History report:

  1. Start the Web Console.

  2. Search for the object whose history you want to view.

  3. Click the View Change History Reports icon.

  4. To change the report generation criteria, click Modify.

    You can change the start or end dates, the object being tracked, the report type, and other criteria.

  5. To create a CSV file of the report, click Generate.

2.1.7 Using Workflow Automation

With Workflow Automation, you can automate IT processes by launching workflow forms that run on execution of a workflow or when triggered by a named workflow event that is created in the Workflow Automation server.

Workflow forms, when created or modified, are saved to the Web Server. When you log on to the Web Console for this server, you will have access to the forms based on delegated powers and how the forms are configured. Forms are generally available to all users with web server credentials. The capability to submit the form requires appropriate powers.

Launching a workflow form: Workflows are created in the Workflow Automation Server, which must be integrated with DRA via the Web Console. In order to save a new form, you must have either the Launch Specific Workflow or Trigger Workflow by Event option configured in the form properties. More information about these options is provided below:

  • Launch Specific Workflow: This option lists all the available workflows that are in production in the Workflow Server for DRA. For the workflows to populate in this list, they need to be created in the DRA_Workflows folder in the Workflow Automation server.

  • Trigger Workflow by Event: This option is used to execute workflows with pre-defined triggers. The workflows with triggers are also created in the Workflow Automation server.

NOTE: Only workflow forms configured with Launch Specific Workflow will have an execution history that can be queried in the main search pane under Management > Requests.

More information about workflow automation is included in the Directory and Resource Administrator Administrator Guide.