A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template, you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.
The project template uses mappings for the following schema types.
Table 71: Mapping Active Directory schema types to tables in the One Identity Manager schema
Active Directory schema type | Table in the One Identity Manager schema
builtInDomain | ADSContainer
computer | ADSMachine
contact | ADSContact
container | ADSContainer
domainDNS | ADSDomain
forest (virtual schema type) | ADSForest
group | ADSGroup
inetOrgPerson | ADSAccount
msDS-PasswordSettings | ADSPolicy
organizationalUnit | ADSContainer
printQueue | ADSPrinter
serverInSite | ADSMachineInADSSite
site | ADSSite
trustedDomain | DomainTrustsDomain
user | ADSAccount
The following table lists the editing methods permitted for each Active Directory schema type, that is, the restrictions that apply when the system objects are processed.
Table 72: Methods available for processing Active Directory schema types
Schema type | Read | Add | Delete | Modify
Domain (domainDNS) | Yes | No | No | Yes
Forest (forest) | Yes | No | No | No
Password policies (msDS-PasswordSettings) | Yes | Yes | Yes | Yes
Trusted domain (trustedDomain) | Yes | No | No | No
Container (container) | Yes | Yes | Yes | Yes
Container (builtInDomain) | Yes | Yes | Yes | Yes
Container (organizationalUnit) | Yes | Yes | Yes | Yes
User accounts (user) | Yes | Yes | Yes | Yes
User accounts (inetOrgPerson) | Yes | Yes | Yes | Yes
Contacts (contact) | Yes | Yes | Yes | Yes
Groups (group) | Yes | Yes | Yes | Yes
Computer, server (computer) | Yes | Yes | Yes | Yes
Computer: location assignments (serverInSite) | Yes | No | No | No
Location (site) | Yes | No | No | No
Printer (printQueue) | Yes | No | No | No
The following settings are configured for the system connection with the Active Directory connector.
Table 73: Active Directory connector settings
Setting | Description
Domain | Full domain name. Variable: CP_ADRootdn
User account | User account for logging in to the target system. Variable: CP_BASELoginaccount. If the currently logged-in user account is to be used, leave this field empty. The user account under which the One Identity Manager Service runs requires the permissions described in Users and permissions for synchronizing with Active Directory. NOTE: If you do not enter a user account, the current user account is also used in the Synchronization Editor during configuration. This user account may be different from the One Identity Manager Service's user account. In this case, it is recommended that you use the RemoteConnectPlugin, which ensures that the same user account is used during configuration with the Synchronization Editor as in the service context.
Password | The user account's password. Variable: CP_BASEPassword
Authentication type | Authentication type for target system login. The Secure authentication type is used by default. For more information about authentication types, see the MSDN Library. Variable: CP_ADAuthentication
Domain controller | Fully qualified name of the domain controller that the synchronization server connects to for access to Active Directory objects. Example: <Server name>.<Fully qualified domain name>. Variable: CP_ADServer
Port | Communications port on the domain controller. Default value: 389. Variable: CP_ADPort
Use SSL | Specifies whether to use a secure (LDAP over SSL/TLS) connection. The Port setting must match the listener you connect to; LDAPS listens on 636 by default.
When restoring objects with the same distinguished name or GUID from the recycle bin | Specifies whether deleted Active Directory objects are taken into account on insertion. Set this option if, when adding an object, the system must first check whether an object with the same distinguished name or GUID is in the Active Directory Recycle Bin and restore it instead of creating a new one. Default value: False. Variable: CP_ADEnableTombstone
Allow read and write access to Remote Access Service (RAS) properties | Specifies whether Remote Access Service (RAS) properties are synchronized. Default value: False. Variable: CP_ADEnableras
Allow read and write access to the terminal service properties | Specifies whether terminal server properties are synchronized. Default value: True. Variable: CP_ADEnableterminal
Extensions | (Expert mode only) The schema used in synchronization can be customized by adding auxiliary classes to structural classes. The extension applies to the structural class and its derived classes.