Select users and groups

With the Select Users and Groups dialog box, you can search the directory server's database and then, from the result set, select the accounts you want to add as Access Control Entries (ACEs) to the object's Access Control List (ACL). These ACEs will be assigned default permissions which you can view and edit later, using the object's security editor.

See Enterprise Manager's Select Users and Groups dialog box for a graphic of this dialog box.

If the query does not find all the users or groups you are looking for, simply issue another search. You can return to the object's Select Users and Groups dialog box as often as you need.

Select Object Type
Select the object type to search for. See Users and Groups for more information about the special accounts #AUTHENTICATED-USERS and #CREATOR-OWNER.
Select Realm
Select the realm to search. For each directory configuration object that exists, there will be one realm in the drop down list.
Search Criteria
Build your search using the following parameters.

Search Attribute: Select whether you wish to search on Short Name or Display Name.

Search Pattern: Enter the name or string you want to search for.

This search type... will search for accounts ...
Starts with ... whose name begins with the characters you enter.
Exact match ... with the exact characters you type.

Wildcard characters are not supported. Therefore, a "Starts with" search pattern of a? would only find names with a as the first character and a question mark as the second. It would not find names starting with ab.

Logical, or boolean, operators (OR, AND, NOT) are not supported.

Leave the search string blank to return all names, regardless of whether you use Starts with or Exact match, and subject to the Maximum results returned value. But see the Caution below.

Sort Order: Choose a sort order for how the result set will appear: Ascending (A-Z), Descending (Z-A), or None. If your search includes both Groups and Users and the sort order is None, the result set will stack all Groups that meet the search criteria first, followed by all Users that meet the search criteria. If the directory service does not support sorting, Enterprise Manager informs you and thereafter only None will be available.

Maximum results returned: Enter a maximum number of results to return, with the value applying separately to both Users and Groups if both are selected. For example, if you select both Users and Groups, set the Maximum result returned to 500, and if your directory service has at least 500 entries of each type that meet the search criteria, your result set will have 1,000 names.

CAUTION  Setting Maximum results returned to zero (0) will return all accounts that meet the search criteria. To request all accounts in the Realm, leave the search criteria blank and enter 0 into Maximum results returned. Use 0 with caution since requesting all values from an extremely large directory service could result in very long search time.

Find
Click Find to run the query against the directory service. Any result set from an earlier search will be replaced by the results of the current search.
Results
Displays the users and groups found by the search, sorted according to the Sort Order set above. Icons display whether the account is a user or a group. See Directory service provider integration for more information.

Display Name: Displays whatever directory service attribute has been configured as the User Display Name Attribute.

Short Name: Displays whatever directory service attribute has been configured as the Logon Attribute.

Principal Name: (if using a non-Windows directory server): The complete, unambiguous name in the format of the authentication provider.
Principal Name: (if using Windows Active Directory): The display is constructed by Content Engine by taking the first part of the SamAccountName, adding"@", and then adding the domain from the actual UPN.

Select the names you want to add to the ACL of the object. To select multiple names: click one name, then hold down CTRL and click each additional name. If you select a name you don't want, hold down CTRL and click the name again. To select many in sequence or all: click the first name in the sequence, then hold down SHIFT and click the last name.

Click OK to add selected names to the ACL of the object. Then use the security editor to view and edit their permissions.

If there are no names you want to add, either click Cancel to close the Select Users and Groups dialog box, or issue another search.

NOTE  If you access the Select Users and Groups dialog box while changing an object's owner, then you can select only one name, since an object can have only one owner.