General Tab Layout



Name & Description



The Name of a profile is the name seen by ADHQ users when attempting to login to ADHQ. Profile names cannot contain the following characters: \, /, :, *, ?, "", <, >, and |.

The Description is only displayed in the Admin Console and allows ADHQ Admins to describe the profile's purpose in a few sentences. The description has no effect on the function of the profile.

Profile Members



The Profile Members field controls who has access to login to ADHQ using this profile. Use the Add button to select a User or Group from Active Directory to add to the grid and the Remove button to delete the selected item from the grid.

The ADHQ Admin Group

All newly created profiles come preconfigured with the ADHQ Admin Group as a member of the profile. This group is added for convenience, and can be removed at any time. If you've removed the group and would like to re-add it as a member of the profile, simply click the down arrow on the Add button to access the option.

Managed Objects



The Managed Objects checkboxes control what types of objects can be modified by users of this profile. For example, if the Users checkbox is cleared here, users of the profile will experience the following changes:

  • Cannot run tools on User objects in the Home Tab of ADHQ
  • Will not see User Collections in the Collections Tab of ADHQ
  • Cannot run the Search & Replace tool on User objects (Home tab ribbon)
  • Cannot search for User objects in the Find tool (Home tab ribbon)

The final checkbox, Show only managed objects, allows you to hide any unmanaged objects from the profile user when they are browsing Active Directory in the Home Tab of ADHQ. Users logged in to the builtin User Manager profile, for instance, will not see any other object types.

Managed Locations



The Managed Locations grid specifies which areas of Active Directory can be managed by users of this profile.

Use the Add button to add OUs or individual objects to the grid. The Add button has the following options available if you click the down arrow:

Add Option Description
Select Domains/OUs The default action. Browse through your directory and choose a Domain or Organizational Unit to add to the list of managed locations.
Import from File Import a list of objects from a data file into the grid.
<Profile User's OU> Add the OU that contains the user account of the person logged into ADHQ.
<Profile User's Domain> Add the domain that contains the user account of the person logged into ADHQ.

Special Locations: <Profile User's OU> and <Profile User's Domain>

These two managed locations are dynamically defined, and will resolve to "real" locations whenever a user logs in using the profile. Using these locations, a single profile can be used to allow several different users to manage objects in their own personalized locations.

Use the Remove button to remove the currently selected item from the list of locations. Clicking the down arrow on the button allows you to Remove All of the items listed.

Use the Level button to change how the currently selected item in the grid is interpreted. There are 3 levels available, which are described in the table below:

Level Description
This Object Only The profile will have the rights to modify only the object listed in the grid. If the item is an OU, users of the profile will only be able to modify the properties of the OU, not any objects within it.
This Object and its Children The profile will have the right to modify the object listed, and its immediate children. If Javelina Software/Sales is listed here, users of the profile will be able to manage the OU itself, and any objects directly within it. However, no objects within sub-OUs (e.g. Javelina Software/Sales/Maryland) will be visible.
Entire Subtree The profile will have the right to modify the object listed, and any object beneath that object within Active Directory. If Javelina Software/Sales is listed with this level, users will have the ability to modify objects within Javelina Software/Sales/Maryland.