In case of Design & Work, a new authorization structure was computed on the basis of the read authorization structure in accordance with the Best Practice of Microsoft. This consists of
- new permission- and list groups,
- nesting of available groups and accounts in the new groups, as well as the nesting of new groups in each other, and
- the access rights contained in the groups that have access to the directories.
1. Task of this function
In case of Deploy Groups, the new authorization- and list groups are written in the AD. In these, the provided groups and accounts are nested.
For this you need the write rights on the AD, for example as domain admin
2. Deploy-OU (Organisational Unit)
The groups are stored in an OU of the AD. You have specified this OU previously in the group configuration under “in the OU (canonical name):” here it is displayed once again in the field “Deploy-OU:”. In a standard case, migRaven will generate a further OU with the file server name below the OU specified by you and will store the appropriate groups in it. If you don’t want this file server-OU, you can assign the value “0” to the parameter “Server-OU” in the migRaven.exe.config (more config options).
3. Configured list rights
In the group configuration below the list rights, you could set, which type of list rights should be assigned to which directory levels.
Here one displays again, which list rights are assigned where.
The highlighted bar displays, list authorization groups are assigned from which level up to which level.
These have rights only for the current directory and include the authorization groups of the underlying authorization end points.
No list rights are assigned across the highlighted bars up to level 0.
The authorization groups provided for the authorization end point with list rights for the respective directory are entitled to directories that are below the highlighted bars till before the authorization end point.
4. Following is generated
Here statistical data is made for the list- and authorization groups.
5. One writes with the following account
Normally the groups are written with the account in the AD, with which you started migRaven. If the rights of this account are not sufficient, you have the possibility here to specify another account, which has the required rights. This account is only used for this write procedure.
6. Action – Start the write procedure
The Deploy is started with a checkmark in case of “I confirm this action” and by pressing the button “Start action”.
The report displays the current work steps during deploy, up to the final message “The new AD-groups and the OU were created”.
If this work step is successful, then the project gets status 2 in the project administration.