
Identity Manager 8.1.4 - Administration Guide for Connecting to Active Directory

Changing Active Directory groups

Product owners and target system managers can request updates to the group type and group scope of Active Directory groups in the Web Portal. The target system manager must grant approval for these changes. The changes are published in the target system.

Prerequisites

  • The group can be requested in the IT Shop.

  • Employees are assigned to the Target systems | Active Directory application role.

Table 67: Default objects for changing an Active Directory group

Product: Modifying an Active Directory group
Service category: Not assigned
Shelf: Identity & Access Lifecycle | Group Lifecycle
Approval policies/approval workflows: Approval of Active Directory group change requests

Deleting Active Directory groups

Product owners and target system managers can request deletion of an Active Directory group in the Web Portal. The product owner or target system manager must grant deletion approval. The group is deleted in One Identity Manager and the change is published in the target system.

Prerequisites

  • The group can be requested in the IT Shop.

  • Employees are assigned to the Target systems | Active Directory application role.

Table 68: Default objects for deleting an Active Directory group

Product: Deleting an Active Directory group
Service category: Not assigned
Shelf: Identity & Access Lifecycle | Group Lifecycle
Approval policies/approval workflows: Approval of Active Directory group deletion requests

Requesting Active Directory group memberships

Table 69: Default objects for requesting group memberships

Shelves: Identity & Access Lifecycle | Active Directory groups
Approval policies/approval workflows: Approval of Active Directory group membership requests

Product owners and target system managers can request members for groups in these shelves in the Web Portal. The respective product owner or target system manager must grant approval for this modification. The changes are published in the target system.

Active Directory security IDs

The security ID (SID) is used in One Identity Manager to identify user accounts and groups from other domains. This is required, amongst other things, for synchronizing group memberships of two domains. Furthermore, the SID is used to find access permissions at file system level.

Example

Domain A is synchronized with One Identity Manager. Domain B is not synchronized at first. The domains are in a trust relationship. There are user accounts of domain A and domain B in groups of domain A.

Group memberships are identified when domain A is synchronized. User accounts from domain A are assigned based on their identifier. The SIDs are found for user accounts from domain B and entered in One Identity Manager.

If Active Directory domain B is synchronized later, the user accounts are identified based on their SIDs and the user accounts are assigned directly to the groups in domain B. The SID is removed from the One Identity Manager database.
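The following added example is not One Identity Manager code. It is a simplified Python model of the scenario above: it decodes binary SIDs as stored in the Active Directory objectSid attribute and separates group members that can be matched to a synchronized account from those that must be kept as SIDs until their domain is synchronized. All function names, domain SIDs and account names are hypothetical and constructed for illustration.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID (the form stored in objectSid) to S-1-... notation."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID: length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])      # 32-bit each, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def str_to_sid(sid: str) -> bytes:
    """Inverse of sid_to_str; used here only to build the constructed sample data."""
    rev, auth, *subs = (int(p) for p in sid.split("-")[1:])
    return bytes([rev, len(subs)]) + auth.to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)

def domain_sid(sid: str) -> str:
    """Domain identifier of an account SID: everything before the final RID."""
    return sid.rsplit("-", 1)[0]

def split_members(member_sids, synced_accounts):
    """Return (resolved account names, SIDs kept until their domain is synchronized)."""
    resolved, pending = [], []
    for raw in member_sids:
        sid = sid_to_str(raw)
        if sid in synced_accounts:
            resolved.append(synced_accounts[sid])
        else:
            pending.append(sid)
    return resolved, pending

# Constructed sample data (not real domains or accounts).
DOMAIN_A = "S-1-5-21-1000-2000-3000"
DOMAIN_B = "S-1-5-21-4000-5000-6000"
ACCOUNTS_A = {f"{DOMAIN_A}-1104": "A\\alice"}
ACCOUNTS_B = {f"{DOMAIN_B}-1201": "B\\bob"}
GROUP_MEMBERS = [str_to_sid(s) for s in (*ACCOUNTS_A, *ACCOUNTS_B)]

def demo():
    only_a = split_members(GROUP_MEMBERS, ACCOUNTS_A)                    # B not yet synced
    both = split_members(GROUP_MEMBERS, {**ACCOUNTS_A, **ACCOUNTS_B})    # B synced later
    return only_a, both

if __name__ == "__main__":
    print(demo())
```

Applying domain_sid to a pending entry shows which trusted domain still has to be synchronized before that member can be resolved.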

To display security IDs

  • Select the Active Directory | Active Directory SIDs category.

NOTE: When you delete an Active Directory object, a SID entry is created in One Identity Manager.
