|
| Published Date : 30 Sep 2021
Last Updated : 28 Sep 2022
Content Ref: TEC8109672
|
|
New staff and student users in your Active Directory (AD) are provisioned by RM Unify Network Provisioning. They may, or may not, also be automatically added to one or more AD groups that you specified at the time of installation. This article describes how to add or adjust group membership. It applies to RM Unify Network Provisioning on a Vanilla Windows network; it is not suitable for Community Connect® 4 (CC4) networks.
If you are using RM Unify Network Provisioning on a CC4 network, please contact your usual support provider for further assistance. |
To edit the 'BaseConfiguration.xml' file
|
- On the server with the RM Unify Network Agent installed, stop the RM Unify Network Agent service.
- In File Explorer, click View and tick 'Hidden items'.
- Browse to C:\ProgramData\RM\RM Unify Network Agent\RMUPROOT-config\[AD]\Configuration.
- Make a backup copy of the 'BaseConfiguration.xml file' and rename it to an unused filename, e.g. 'BaseConfigurationBACKUP.xml'.
- Right-click the 'BaseConfigurationxml' file and select 'Open with Notepad'.
- The file has a configuration section for each role type: Students, Teachers and NonTeachers. For multi-site configurations, there is a configuration section for each role type per school.
- To adjust the group membership for students, find the role-based section for the school, e.g. <Name>STUDENTS</Name>, or <Name>SUPPORT_SCHOOL STUDENTS</Name> in the case of multi-site.
- In this section, amend the groups in the <UnmanagedGroups> tag as required. Given below are some common examples:
| Path |
Students added as a member of: |
|
<UnmanagedGroups>
<string>CLD Student Users</string>
<string>All Users</string>
<string>Intake[CohortYoE]</
string></UnmanagedGroups> |
CLD Student Users group
All Users group
Intake group based on their RM Unify user's YearofEntry (and taking account of any offset year that may have been configured in the Network Agent), e.g. 'Intake2020' |
|
<UnmanagedGroups>
<string>Students[CohortYoE]</string>
<string>Domain Users</string>
<string>School A Students</string></UnmanagedGroups> |
Students group based on their RM Unify user's YearofEntry, e.g. 'Students 2020'
Domain Users group
School A Students group |
|
<UnmanagedGroups>
<string>Domain Users</string>
<string>StudentsY[CohortYoE:3,2]</string>
<string>All Students</string>
</UnmanagedGroups> |
Domain Users
Students group based on their RM Unify user's YearofEntry, e.g. 'StudentsY20'
All Students |
- Restart the RM Unify Network Agent service.
- New users will be provisioned with the new group memberships.
- Existing users will be added to the additional groups the next time their RM Unify account is updated or synced to the local network.
|
To test new group membership
|
| From the RM Unify Management Console, choose to disable and immediately re-enable a user to see the resultant group membership in AD, or choose to manually create a test user (see the 'Manually create an RM Unify user to test desired results' section below). |
Manually create an RM Unify user to test desired results
|
- Sign in to RM Unify as a user with super admin rights.
- Click Management Console.
- Click 'Sync users from CSV'.
- Click 'Download a sample CSV' and open in Microsoft® Excel.
- Delete all the existing user rows, except the header rows.
- Add one row and populate with data in the required fields. Please see TEC3274284 in the Other Useful Articles section below for assistance, if needed.
- If creating a student, populate the YearofEntry field, for example, with '2021' (without quotes).
- Save the file as '.csv'.
- Back in the Upload CSV page of the Management Console, click Browse.
- Select your file and click OK.
- If creating a student, click the down arrow key next to Select YoE and select the appropriate year, e.g. 'Year 7/Primary 7'. If you are not creating and only testing a student account, tick the 'My CSV does not contain year of entry' box.
- Click Upload.
- Wait for ten minutes for the user to be created in RM Unify and AD.
|
What happens if the user is manually removed from an AD group configured in the BaseConfiguration file?
|
| The next time the user is synced from RM Unify, the Network Agent checks if the user is a member of the groups configured in the BaseConfiguration file and if not, adds them. |
What happens if I remove a group from the 'BaseConfiguration.xml' file?
|
| Existing AD users provisioned from RM Unify are not removed from the group if they already have membership. New users provisioned by the Network Agent are no longer added to the group. |
What happens if the user is manually added to additional AD groups?
|
| The Network Agent does not manage group membership outside of groups configured in the BaseConfiguration file, so the user will remain a member of any additional AD groups they are added to, provided they do not conflict with any other configuration setting. |
What is YearofEntry offset?
|
The '[CohortYOE]' attribute value works in tandem with a YearofEntry offset registry key read by the RM Unify Network Agent:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RM\RM Unify Network Agent\UPTYearOfEntryOffset
For primary schools, this registry key value is usually set to '0'. For secondary schools, this registry key value is usually set to '6'.
How does the YearofEntry offset work?
In RM Unify, a student's YearOfEntry is calculated to be the year in which the student entered the education system as a Year 1 student. For example, if StudentSmith started Year 7 in September 2018, then by default their YearOfEntry is calculated as 2012, i.e. they entered the education system as a Year 1 student in September 2012.
The student's YearOfEntry value is sent to the RM Unify Network Agent along with the student's other attributes, e.g. username, displayname, etc. Using the StudentSmith example above, the RM Unify Network Agent receives a YearOfEntry value of '2012' for StudentSmith.
The year of entry offset key determines how the RM Unify Network Agent uses the YearOfEntry value it receives for a student.
If the offset registry key value is '0', no offset is applied to the student's YearOfEntry value and the default value is retained. It, therefore, assumes that the student's YearOfEntry value means the year in which the student entered the education system as a Year 1 student. Using the StudentSmith example above, the Network Agent processes StudentSmith's YearOfEntry as '2012'.
If the offset registry key value is '6', a six-year offset is applied to the student's YearOfEntry value, i.e. six years are added to the value. This has the effect of displaying the YearOfEntry as the year in which the student entered the education system six years later, as a Year 7 student. Secondary schools often find this useful. Using the StudentSmith example above, the Network Agent will process StudentSmith's YearOfEntry as '2018' (2012+6).
Given below is another example of expected behaviour for a student that started Year 7 in September 2021:
| |
|
|
JSmith's group membership
|
JSmith's MIS year group
as of Sept 2021 |
YearOfEntry calculated by RM Unify,
i.e. when the student entered
education as a Year 1 student |
Student group membership in the 'BaseConfiguration.xml' file |
With offset registry key value=0 |
With offset registry key value=6 |
|
| Year 7 |
2015 |
<string>Intake[CohortYoE]</string> |
Intake2015 |
Intake2021 |
|
| |
|
<string>StudentsY[CohortYoE:3,2]</string> |
StudentsY15 |
StudentsY21 |
|
| |
|
<string>Students 2020</string> |
Students 2020* |
Students 2020* |
|
| |
|
|
*These values remain constant because the <string> value is using actual text and not the '[CohortYoE]' variable |
| |
|
|
If this article has not helped provide a solution then it is also possible to
log a call... |
| |
Document Keywords: RM Unify network provisioning - How to add users to additional groups in Active Directory , ad, new user, solution, rmuvnp, umunp, vanilla, non-cc4, cc4, TEC8109672 |
|
|
|
Symptoms
