One Identity Manager supports the connection of Active Directory systems through an integrated connector. Additional Active Directory relevant functionality, for example, Microsoft Exchange, Office Communication Services or Active Directory Lightweight Directory Service (AD LDS), is not supported through this connector.
One Identity Manager is assumed to be the master in the default configuration of processes and synchronization behavior and is allowed to bypass workflows. Default behavior requires an administrative account. workflows can still be controlled by the integrated connector. You may need to define custom processes in One Identity Manager in order to use this functionality.
NOTE: For more detailed information about applying, managing, and configuring an server, see your One Identity Active Roles documentation.
NOTE: This guide only goes into specific features of using the Connector. For detailed documentation on managing an Active Directory environment with One Identity Manager, see One Identity Manager Administration Guide for Connecting to Active Directory.
The following servers are used for managing an Active Directory environment with One Identity Manager and :
- server
server that establishes the connection to the Active Directory domain controller. The synchronization server connects to this server.
- Synchronization server
The synchronization server executes the communication between the One Identity Manager Service and . The One Identity Manager Service with the connector is installed on this server. Data entries required for synchronization and administration with the One Identity Manager database are processed by the synchronization server. The synchronization server connects to the server.
The One Identity Manager connector uses the ADSI interface for communicating with an instance. The connector is used for synchronization and provisioning Active Directory. The connector connects to an instance, which then connects to the Active Directory domain controller.
Figure 1: The synchronization architecture
Scenario
You want to manage an Active Directory domain, currently managed by , with One Identity Manager. Self-Service Manager is not implemented.
Select one of the following editions modules when you install the One Identity Manager database:
- One Identity Manager Active Directory Edition
- One Identity Manager
Initial synchronization of Active Directory domains with One Identity Manager must be carried out by the connector. All other synchronization is also carried out by the connector.
- Create a synchronization project with the Synchronization Editor by using the default project template for .
Scenario
You want to manage an Active Directory domain, currently managed by , with One Identity Manager. Self-Service Manager is implemented. The functionality should be transferred to the One Identity Manager‘s IT Shop.
Select one of the following editions modules when you install the One Identity Manager database:
- One Identity Manager Active Directory Edition
- One Identity Manager
In the One Identity Manager Active Directory Edition, there is direct support for transferal of Self-Service Manager functionality to the One Identity Manager's IT Shop. If you are using the One Identity Manager Edition, run the following steps before initial synchronization:
- In the Designer, set the "QER | Policy | GroupAutoPublish" configuration parameter.
- In the Designer, set the "QER | ITShop | GroupAutoPublish | ADSGroupExcludeList" configuration parameter and specify Active Directory groups which are not to be added automatically to the IT Shop.
- In the Designer, set the "TargetSystem | ADS | ARS_SSM" configuration parameter.
- Compile the database.
Active Directory domain synchronization with One Identity Manager must be carried out by the connector. All other synchronization is also carried out by the connector.
- Create a synchronization project with the Synchronization Editor by using the default project template for .
Scenario
You want to manage an Active Directory domain, currently managed by One Identity Manager, with . Currently, Active Directory domain synchronization is carried out by the Active Directory connector.
To manage the Active Directory domains with One Identity Active Roles
- In the Synchronization Editor, delete the existing synchronization project.
- Create a synchronization project with the Synchronization Editor by using the default project template for .
Detailed information about this topic
One Identity Manager supports synchronization with versions 6.9, 7.0, 7.2, 7.3.1, 7.3.3, 7.4.1, 7.4.3., and 7.4.4.
To load Active Directory objects into the One Identity Manager database for the first time
- Prepare a user account with sufficient permissions for synchronizing in Active Directory.
-
One Identity Manager components for managing Active Directory environments are available if the TargetSystem | ADS configuration parameter is enabled.
- Install and configure a synchronization server and declare the server as a Job server in One Identity Manager.
-
Transfer of One Identity Manager Self-Service Manager functionality into the Active Directory is directly supported in the IT Shop One Identity Manager Edition. If you are using the One Identity Manager Edition, run the following steps before initial synchronization:
- In the Designer, set the QER | ITShop | GroupAutoPublish configuration parameter.
- In the Designer, set the QER | ITShop | GroupAutoPublish | ADSGroupExcludeList configuration parameter and specify the Active Directory groups that are not to be added automatically to the IT Shop.
- In the Designer, set the TargetSystem | ADS | ARS_SSM configuration parameter
- Compile the database.
- Create a synchronization project with the Synchronization Editor.
Detailed information about this topic
