Synchronize Role but not Administrators?
New Post
1/4/2007 5:36 PM
 

Hi Everyone,

The Problem:
We run DNN 4.3.5 for our intranet. We have Windows Authentication and Synchronize Roles running. There are several departments in our company and syncing the roles works well for us. But we also have a large IT Department so there are several members in AD's Administrators group. When this AD Group gets sync'd with DNN's Administrators Role those members become Portal Admins… which is no good for us. An example of why it's no good is the CIO is a member of the AD Administrators group, but he wants to see a “normal” looking Intranet and does not want or need the ability to alter our DNN Portal… that’s my job!

The questions & potential solutions:

  1. Is there a way to prevent a particular AD group from synchronizing with the DNN role (in my case the Administrators group) but still sync all the other roles?
    Or if that’s not possible...
  2. Is there a way to prevent a particular User from synchronizing roles but still sync all the other users?
    Or as a last resort...
  3. Is there a way to rename the DNN Administrators Role? To DNNAdministrators for example. What effect will this have on the stability of the DNNPortal as a whole? If I can change that DNN Role name to something else then as long as there’s no AD Group with that name the problem's solved!

If someone has achieved (or can think of a way to achieve) either of the first two please post your ideas. I don’t mind getting my hands dirty so if there's some Stored Procedure I can alter or some other code please let me know, I'm sure the AD DNN community would be very keen to hear about it. I'm going to test out the 3rd potential solution on a test server and will let everyone know the results.

The way forward:
I love the concept of Synchronizing Roles and it works really well for 99% of our users. But wouldn't it be better to have a Synchronize Roles checkbox for each of the DNN Roles under the Security Roles menu rather than a general Synchronize Roles checkbox in the Authentication menu? That way the portal admins can decide exactly which roles to sync.

Regards,

Darren Stahlhut

 
New Post
1/4/2007 7:28 PM
 

Replying to my own post

In SQL dbo.Roles I've changed RoleName from Administrators to DNNAdministrators. The result is a bit ugly but it works... sort of.

What happens is any members of the Administrators Role lose the ability to Admin the portal. This sounds bad I know, but... to put it another way, no one can admin the portal anymore except the Host/SuperUser. You can make any user a SuperUser which means they have Admin & Host rights.

Like I said it's a bit ugly because the user gets Admin & Host rights which may not work for your specific situation. In my situation I'm the only person to be able to Admin our Intranet and it doesn't matter if I'm the Host as well.

To make someone a SuperUser just jump into SQL and change their record in the dbo.Users table so that IsSuperUser = True

In our Windows Authenticated / AD Sync'd Intranet environment it will do the job for now until a better solution is posted.

Regards,
Darren Stahlhut

PS. Sorry about the text sizes in the last post... it was a long day

 
New Post
1/5/2007 10:56 AM
 

A couple of things to mention:

1.  You can restructure your AD groups to not include actual user names in the Administrator groups.  I.e., nested groups are not supported (currently) in DNN.  Put the personnel that are currently in the Administrators group into a different group, then put that group into the Administrators group.  They will still have the same AD permissions, but won't get added to the Administrators group in DNN.

2.  Using DNN with a superuser account isn't as glamorous as it sounds.  I started out doing that, but found there were several modules that had issues with those types of accounts because they don't show up in the normal list of users for the portal.  You'll find a lot of things that don't work right.  I ended up creating a separate account for myself that I use to do host-level functions, and left my normal account as a site administrator.
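
Editor's added example, not DNN's code and not posted by anyone in this thread: a simplified Python model of a name-matching role sync, showing why direct members of an AD group named like a portal role pick up that role, why nested members do not, and what a per-role exclusion list (the option asked for in the first post) would change. The group names, user names, function names and the case-insensitive name match are all assumptions made for the illustration.

```python
# Simplified model of name-based role synchronization (NOT DNN's actual code).
# All names and data below are constructed for illustration.

# Constructed AD directory: group -> direct members (users or other groups).
AD_GROUPS = {
    "Administrators": {"cio", "darren", "IT-Admins"},  # IT-Admins is a nested group
    "IT-Admins": {"helpdesk1"},
    "Finance": {"cio", "alice"},
}
PORTAL_ROLES = {"Administrators", "Finance", "Registered Users"}


def direct_groups(user, ad_groups):
    """Groups that list the user directly; nested membership is not expanded."""
    return {g for g, members in ad_groups.items() if user in members}


def sync_roles(user, ad_groups, portal_roles, excluded_roles=frozenset()):
    """Return the portal roles a name-matching sync would grant to `user`.

    A role is granted when an AD group with the same name (compared
    case-insensitively, an assumption of this model) lists the user
    directly, unless the role is on the exclusion list.
    """
    by_lower = {r.lower(): r for r in portal_roles}
    excluded = {r.lower() for r in excluded_roles}
    granted = set()
    for group in direct_groups(user, ad_groups):
        key = group.lower()
        if key in by_lower and key not in excluded:
            granted.add(by_lower[key])
    return granted


def privileged_grants(users, ad_groups, portal_roles, privileged,
                      excluded_roles=frozenset()):
    """Audit helper: users who would receive any privileged role from the sync."""
    report = {}
    for user in users:
        hits = sync_roles(user, ad_groups, portal_roles, excluded_roles) & set(privileged)
        if hits:
            report[user] = hits
    return report


if __name__ == "__main__":
    users = ["cio", "darren", "alice", "helpdesk1"]
    print(privileged_grants(users, AD_GROUPS, PORTAL_ROLES, {"Administrators"}))
    print(privileged_grants(users, AD_GROUPS, PORTAL_ROLES, {"Administrators"},
                            excluded_roles={"Administrators"}))
```

Running the audit helper over the full user list before enabling a sync shows which accounts would gain a privileged portal role purely from a group-name collision.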

 
New Post
1/17/2007 6:15 AM
 

I realised this problem recently too as we need to set up AD authentication.

I changed the name of the Administrators role in both the aspnet_Roles table (both the name and lowered name) and the Roles table of DNN. So far this seems to work fine and the existing user accounts in the administrators group still retain all their administrator status. I've yet to test it fully though and if a module were to check administrator permission based on the Role name instead of the Role ID then problems will arise.

 