Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Setting up Active Directory synchronization Basic data for managing an Active Directory environment
Account definitions for Active Directory user accounts Password policies for Active Directory user accounts Initial password for new Active Directory user accounts Email notifications about login data User account names Target system managers Editing a server
Active Directory domains Active Directory user accounts
Linking user accounts to employees Supported user account types Entering master data for Active Directory user accounts Additional tasks for managing Active Directory user accounts Automatic assignment of employees to Active Directory user accounts Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Disabling Active Directory user accounts Deleting and restoring Active Directory user accounts
Active Directory contacts Active Directory groups
Entering master data for Active Directory groups Validity of group memberships Assigning Active Directory groups to Active Directory user accounts, Active Directory contacts, and Active Directory computers Additional tasks for managing Active Directory groups Deleting Active Directory groups Default solutions for requesting Active Directory groups and group memberships
Active Directory security IDs Active Directory container structures Active Directory computers Active Directory printers Active Directory locations Reports about Active Directory objects Configuration parameters for managing an Active Directory environment Default project template for Active Directory

Remote access service dial-in permissions

NOTE: Remote Access Service (RAS) are only synchronized and provisioned if the Enable RAS properties option is set.

Allocate remote dial-up permissions for the user account in the network and specify the callback option. The following data can be edited depending on the selected domain mode (mixed or native).

Enter the following master data on the RAS tab.

Table 40: Remote access service
Property Description

Dial-up permitted

Specifies whether the user may dial up the network. Permitted values are:

Allow access

This permits the user to dial up the network.

Deny access

With this users are not allowed to dial up the network.

Control access through Remote Access Policy

This data specifies that access to the network is controlled over RAS guidelines. RAS guidelines are usually used to apply the same access permissions to several Active Directory user accounts.

No callback

The callback function is switched off by this option.

Set by caller

The server expects the user to input the number that he can be called back on.

Always callback

The server tries to call the user back over the given number.

Verifying caller ID A predefined number with which the user should dial into the network.
Static IP address A fixed IP address assigned to the user.
Static routes with IP address, network address and metric

Target network IP addresses, network addresses and metrics for dialing in over fixed routes.

Related topics

Connection data for terminal servers

Table 41: Configuration parameters for terminal server properties
Configuration parameter Effect when set

QER | Person | User | ConnectHomeDir

This configuration parameter specifies whether the home directory should also be mounted when the user logs in.

NOTE: Terminal server properties are only synchronized and provisioned if the Enable terminal server properties option is set.

Enter the following data for adding a user profile, which will be made available for logging the Active Directory user account on to a terminal server. A profile directory can be provided, which is available to the user to log on to a terminal server for terminal server sessions. A home directory can be added on the terminal server in the same way.

NOTE: If the QER | Person | User | ConnectHomeDir configuration parameter is set, some of the following data for the home directory is formed automatically. If necessary, in the Designer, set the configuration parameter.

Enter the following data on the Terminal service tab.

Table 42: Master data for a terminal server
Property Description

Login permitted on terminal server

Specifies whether terminal server login is allowed. Enable this option to allow a user to log on to a terminal server.

Use own configuration

Specifies whether a startup program can be defined. Enable this option to specify a program, which should be started when you log on to the terminal server and enter the program's command line and working directory.

NOTE: If this data is inherited from the client, disable this option.

Command line

Command line to start the program.

Working directory

Working directory of program to start.

Connect client drives at login Specifies whether client drive connections should automatically be restored when logging into a terminal server.

Connect client printers at login

Specifies whether client printer connections should automatically be restored when logging on to a terminal server.

Client default printer

Specifies whether default printer connections should automatically be restored when logging into a terminal server.

Active session limit [min]

Maximum connection time in minutes. After the time is exceeded the connection to the terminal server is detached or ended.

End disconnected session [min]

Time period in minutes for maintaining a disconnected connection.

Idle session limit [min]

Maximum time without client activity before the connection is detached or ended.

Connect disconnected session from previous client

Specifies whether a disconnected session can be restored from an arbitrary client computer.

End session if connection is interrupted

Specifies whether a session should be returned to a disconnected state if the connection is interrupted.

Enable remote control

This option specifies whether remote monitoring or control is enabled for this session.

Get permission of user

You specify whether permission needs to be obtained for the user to monitor the session.

Display user session

Specifies whether to monitor the user session

Interact with session

Specifies whether the person monitoring can input data into the session over the keyboard or the mouse.

Profile server

Profile server. If you assigned an account definition, the profile server is determined from the current IT operating data for the assigned employee depending on the manage level.

Profile share

The share that is stored under the user’s profile directory on the profile server. Default is TPROFILES.

Profile directory path

Name of the profile directory for the user under the profile share. By default, the login name (pre Windows 2000) is used to format the profile directory path.

Profile path

The full path to the user’s profile directory.

Home server

Home server. If you assigned an account definition, the profile server is determined from the current IT operating data for the assigned employee depending on the manage level.

Home share

The share that is stored under the user’s home directory on the home server. Default is THOMES.

Home directory path

Name of the home directory for the user under the home share. By default, the login name (pre Windows 2000) is used to format the home directory path.

Shared as

Home directory share. This share is formatted using the default home directory path.

Home drive

The drive to be connected when the user logs in. The default domain home drive is used.

Home directory

Home directory. The given home directory is automatically added and shared by the One Identity Manager Service.

Related topics

Extensions data for an Active Directory user account

On the Extensions tab, you enter the user-defined Active Directory schema extensions for the user account.

Table 43: Extensions data
Property Description
Extensions data Custom extension data in binary format.
Attribute extension 01 - attribute extension 15

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Further identification data

Enter the following address data for contacting the employee on the Identification tab.

Table 44: Master data for identification
Property Description

Office

Office. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Street

Street or road. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Mailbox

Mailbox. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Zip code

Zip code. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

City

City. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. Locations can be automatically generated and employees assigned based on the town.

State

State. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Country ID

The country ID.

Company

Employee's company. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Department

Employee's department If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. Departments can be automatically generated and employees assigned based on the department data.

Job description

 Job description. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Employee ID

Employee's unique marker, for example their ID.

Employee number

Number for identifying the employee in addition to their ID.

Account manager

Manager responsible for the user account.

To specify an account manager

  1. Click next to the field.
  2. In the Table menu, select the table that maps the account manager.
  3. In the Account manager menu, select the manager.
  4. Click OK.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating