Enter the following data on the General tab.
Table 22: Domain master data
| Domain | NetBIOS domain name. | 
| Full domain name | Name of the domain conforming to DNS syntax, in the form: Name of this domain.name of parent domain.name of default domain |
| LDAP system type | Type of the LDAP system. | 
| Display name | The display name is used to display the domain in the user interface. This is preset with the domain NetBIOS name; however, the display name can be changed. | 
| Object class | List of classes defining the attributes for this object. The default object class is DOMAIN. However, in the input field, you can add object classes and auxiliary classes that are used by other LDAP and X.500 directory services. | 
| Distinguished name | Distinguished name of the domain. The distinguished name is determined using a template from the full domain name and cannot be edited. | 
| Canonical name | Canonical name of the domain. | 
| Account definition (initial) | Initial account definition for creating user accounts. This account definition is used if automatic assignment of employees to user accounts is used for this domain and if user accounts are to be created that are already managed (Linked configured). The account definition's default manage level is applied. User accounts are only linked to the employee (Linked state) if no account definition is given. This is the case on initial synchronization, for example. | 
| Target system managers | Application role in which target system managers are specified for the domain. Target system managers only edit the objects from domains that are assigned to them. Therefore, each domain can have a different target system manager assigned to it. Select the One Identity Manager application role whose members are responsible for administration of this domain. Use the  button to add a new application role. | 
| Synchronized by | Type of synchronization through which the data is synchronized between the domain and One Identity Manager. You can no longer change the synchronization type once objects for these domains are present in One Identity Manager. If you create a domain with the Synchronization Editor, One Identity Manager is used. The permitted values are listed in Table 23. |
| Description | Text field for additional explanation. |
| Structural object class | Structural object class representing the object type. |
Table 23: Permitted values
| One Identity Manager | LDAP connector | LDAP connector |
| No synchronization | none | none |
NOTE: If you select No synchronization, you can define custom processes to exchange data between One Identity Manager and the target system.
 
    
Enter the following master data on the LDAP tab.
Table 24: LDAP data
| Full domain name | Name of the domain conforming to DNS syntax, in the form: Name of this domain.name of parent domain.name of default domain |
| Distinguished name | Distinguished name of the domain. The distinguished name is determined using a template from the full domain name and cannot be edited. | 
| Structural object class | Structural object class representing the object type. | 
| Object class | List of classes defining the attributes for this object. The default object class is DOMAIN. However, in the input field, you can add object classes and auxiliary classes that are used by other LDAP and X.500 directory services. | 
| Search mask | Search mask for another LDAP object. | 
 
    
In One Identity Manager, groups can be selectively inherited by user accounts. For this purpose, the groups and the user accounts are divided into categories. The categories can be freely selected and are specified using a mapping rule. Each category is given a specific position within the template. The template contains two tables: the user account table and the group table. Use the user account table to specify categories for target system-dependent user accounts. In the group table, enter your categories for the target system-dependent groups. Each table contains the category positions Position 1 to Position 31.
To define a category
- In the Manager, select the domain in the LDAP | Domains category.
- Select the Change master data task. 
- Switch to the Mapping rule category tab. 
- Extend the relevant roots of the user account table or group table. 
- To enable the category, double-click  . .
- Enter a category name of your choice for user accounts and groups in the login language that you use. 
- Save the changes. 
 
    
Synchronization projects in which a domain is already used as a base object can also be opened in the Manager. In this mode you can, for example, check the configuration or view the synchronization log. The Synchronization Editor is not started with its full functionality. You cannot run certain functions, such as running synchronization or simulation, starting the target system browser, and others.
NOTE: The Manager is locked for editing throughout. To edit objects in the Manager, close the Synchronization Editor.
To open an existing synchronization project in the Synchronization Editor
- In the Manager, select the LDAP | Domains category. 
- Select the domain in the result list. Select the Change master data task. 
- Select the Edit synchronization project... task. 