Active Directory Objects
Use these pages to specify the users, computers, groups, and organizational units you want Workspace Environment Management (WEM) to manage.
Note:
Add users, computers, groups, and OUs to WEM so that the agent can manage them.
Users
A list of your existing users and groups. You can use Find to filter the list by name or ID against a text string.
To add a user or group
- Select Add from the context menu.
- Enter a user or group name in the Select Users or Groups window and then click OK.
After connecting your Citrix Cloud account to your Azure Active Directory (AD), you can also add Azure AD users and groups. Complete the following steps:
- Click the down arrow next to Add. The Add Azure AD User window appears.
- In the Add Azure AD User window, type information in the search bar and then click Search to display matched users or groups.
- Select applicable users or groups and then click OK.
For information about connecting Citrix Cloud to Azure AD, see Connect Azure Active Directory to Citrix Cloud.
Name. The name of the user or group.
Description. Shown only in the Edit Item dialog, letting you specify additional information about the user or group.
Item Priority. Lets you configure priority between different groups and user accounts. The priority determines the order in which the actions you assign are processed. Type an integer to specify a priority. The greater the value, the higher the priority. If there is a conflict (for example, when mapping different network drives with the same drive letter), the group or user account with the higher priority prevails.
Important:
When assigning Group Policy settings, the priority you configure here does not work. To set the priority for them, use Administration console > Assignments. For more information, see Contextualize Group Policy settings.
Item State. Lets you choose whether a user or group is enabled or disabled. If disabled, you cannot assign actions to it.
Machines
A list of machines that have been added to the current configuration set. Only machines listed here are managed by Workspace Environment Management. You can use Find to filter the list by name or ID against a text string.
When agents on these machines register with the infrastructure service, the infrastructure service sends them the necessary machine-dependent settings related to the configuration set. To improve the user experience, the infrastructure service caches data related to the configuration set for the agents. Data caching allows the infrastructure service to retrieve data from AD less frequently. The cache refreshes on an hourly basis. Changing agents to a different configuration set can take some time to take effect.
Tip:
To check whether agents on these machines are correctly registered with the infrastructure server, see Agents in the Administration section.
To add a computer or computer group to the current configuration set
- Use the Add Object context menu command or button.
- In the Select Computers or Groups dialog, select a computer or computer group, then click OK.
To add computers in an organizational unit to the configuration set
- Use the Add OU context menu command or button.
- In the Organizational Units dialog, select an organizational unit, then click OK.
To edit computer, computer group, or OU details
- Select an item in the list.
- Use the Edit context menu command or button.
- In the Edit item dialog, any of the following details (which are not read-only), then click OK.
Name*. The computer, computer group, or OU name.
Distinguished Name*. The distinguished name (DN) of the selected computer or computer group. This field allows you to differentiate different OUs if they have the same Name.
Description. Additional information about the computer, computer group, or OU.
Type*. The selected type (Computer, Group, or Organizational Unit)
Item State. The state of the computer, computer group, or OU (enabled or disabled). If disabled, the computer, computer group, or OU is not available to assign actions to.
Item Priority. This allows you to configure priority between different groups and user accounts. The priority determines the order in which the actions you assign are processed. The greater the value, the higher the priority. Type an integer. If there is a conflict (for example, when mapping different network drives with the same drive letter), the group or user account with the higher priority prevails.
* Read-only details reported from Active Directory.
Advanced
Provides settings that control whether to apply settings to agents that are not bound to any configuration set.
The following settings apply to your entire WEM deployment. They are not associated with any configuration sets. After you enable them, go to the “Unbound Agents” configuration set and then configure settings there so that you can control how unbound agents behave.
-
Apply settings to unbound agents. Lets you apply the settings of the “Unbound Agents” configuration set to agents that you have not yet added in Active Directory Objects.
- Include unbound non-domain-joined agents. Lets you control whether to apply the settings to unbound non-domain-joined agents.