I had a colleague (actually the First Minion, Erebus) using Modifier with VBA to create a customisation of the Account Maintenance window ( ) in Dynamics GP 2013 R2 (for a client who does not and will not be using the web client). This customisation required a small number of fields and the save button to be added to VBA.
When he was adding the fields everything was fine, but as soon as he tried to add the save button the cursor changed to a standard one and did not allow the save button to be added. Microsoft Dynamics GP 2013 R2 saw the introduction of the action pane (or ribbon bar as I keep on calling it):
Over the course of the series I have run through the installation and configuration of several parts of Config AD, but there is still a lot of functionality that I haven’t covered.
For example, I have shown how to associate a GP user with a Windows AD account, but not how to disassociate them. I also didn’t show how SSRS security could also be assigned to users in Config AD; largely because I didn’t have SSRS installed and configured on my test box.
The main reason I haven’t covered even more than I have is that I enjoy playing around with different software and want to move onto something else. I’ve enjoyed the opportunity to have a go with Config AD which I found easy to install, easy to configure and that it provides a lot of functionality which brings together the security setup of Dynamics GP into one location.
Something I find very annoying in Dynamics GP is that to create a user, grant company access and assign roles you need to enter the System Password at least three times (unless you’re just copying security from another user wholesale), but Config AD allows you to configure all of this after logging into it once.
If you’re looking for an add-on which will both simplify the maintenance of Dynamics GP security (and I assume the effect would be the same for the other Dynamics products it integrates with) and allow for single sign on, then Config AD is definitely worth considering.
With the Config AD Desktop installed, we need to configure it for use; many of the steps in this section are only required the first time you run Config AD Desktop on a machine.
Start Config AD Desktop from the Windows Start Screen (or Start menu for those on an older version of Windows) and click on File ¯ options:
While this isn’t difficult to do, it is more fiddly than I ideally want. There is, however, a command that can be run in a Command Prompt to set install mode and another one to switch it off.
I always forget what these commands are so figured by posting them here it would both give me easy access to remind myself, but also that I find posting here helps things stick in memory anyway.
So to set XenApp into install mode open a command prompt (Win + R followed by typing cmd) and type the following:
change user /install
Once the program has finished installing, switch the server back to normal by entering the following command:
change user /execute
To install the Config AD Desktop run the setup.exe in the Config AD Desktop 2.1.3 folder and accept the security warning:
The Config AD Desktop requires that Config AD itself be installed. The installation on the client is the same as on the Domain Controller with one exception.
On the Add Active Directory Right-Click Menu tab set the option to Don’t add either menu:
With the service installed, the next stage is to configure the service. This is done by accessing Config AD and then opening the Config AD Options () and then select the Service tab:
On this tab there are several options which can be enabled/disabled:
- Disable/Delete Feature Enabled – When this option is enabled a choice can be made as to the interval the process cycles at and whether Dynamics GP users should be disabled or deleted when the AD account is deleted.
- Auto Logout Feature – This option will logout users after the specified number of minutes inactivity.
- AD Group Security – This option will provision new users and assign/revoke access to GP users based upon AD Group membership of AD Groups that are setup in Config AD for GP access
As well as the above options, you also need to specify the Login name that should be used to access SQL Server.
Config AD includes a service which can run on any machine within the network; the service can automatically log users out after a period of inactivity and will also disable/delete GP user accounts when the AD user is deleted.
A service account is needed to run the Config AD service; this account needs to be a Domain User account and also needs to be either a Domain Admin or have the following permissions:
- Read Property and List Contents permission to the Deleted Objects container in Active Directory (non-admin users will not have these permissions by default, but they can be granted: further details available from Microsoft Support).
- Read All Properties permission to the container(s) where your users are located.
- Log on as a service permission.
- A SQL Login on the SQL Server for the domain user.
With a suitable service account, find the Fastpath.ADServiceSetup.msi in the /FPConfigAD 22.214.171.124/Config AD Service 3.3.0 folder.
This month marks 10 years since Packt Publishing embarked on its mission to deliver effective learning and information services to IT professionals. In that time it has published over 2,000 titles and helped projects become household names and awarding over $400,000 through its Open Source Project Royalty Scheme.
To celebrate this milestone, from June 26th, Packt is offering all of its eBooks and Videos at just $10 each for 10 days (four days remaining); this promotion covers every title and there are no restrictions on the number of titles that can be bought by July 5th.