Chat now with support
Chat with Support

Identity Manager 8.2.1 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing Active Directory user accounts and employees
Account definitions for Active Directory user accounts and Active Directory contacts Assigning employees automatically to Active Directory user accounts Supported user account types Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login information for Active Directory user accounts Mapping of Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Configuring synchronization in Active Directory domains

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the primary system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing Active Directory domains

  1. In the Synchronization Editor, open the synchronization project.

  2. Check whether the existing mappings can be used to synchronize into the target system. Create new maps if required.

  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its direction of synchronization.

  4. Create a new start up configuration. Use the new workflow to do this.

  5. Save the changes.
  6. Run a consistency check.

Related topics

Configuring synchronization of several Active Directory domains

In some circumstances, it is possible to use a synchronization project to synchronize different Active Directory domains.

Prerequisites
  • The target system schema of the domains are identical.

  • All virtual schema properties used in the mapping must exist in the extended schema of the domains.

To customize a synchronization project for synchronizing another domain

  1. Prepare a user account with sufficient permissions for synchronizing in the other domain.

  2. In the Synchronization Editor, open the synchronization project.

  1. Create a new base object for every other domain.

    • Use the wizard to attach a base object.

    • In the wizard, select the Active Directory connector.

    • Declare the connection parameters. The connection parameters are saved in a special variable set.

    A start up configuration is created that uses the newly created variable set.

  2. Change other elements of the synchronization configuration as required.

  3. Save the changes.
  4. Run a consistency check.

Related topics

Changing system connection settings of Active Directory domains

When you set up synchronization for the first time, the system connection properties are set to default values that you can modify. There are two ways to do this:

  1. Specify a specialized variable set and change the values of the affected variables.

    The default values remain untouched in the default variable set. The variables can be reset to the default values at any time. (Recommended action).

  2. Edit the target system connection with the system connection wizard and change the effected values.

    The system connection wizard supplies additional explanations of the settings. The default values can only be restored under particular conditions.

Detailed information about this topic

Editing connection parameters in the variable set

The connection parameters were saved as variables in the default variable set when synchronization was set up. You can change the values in these variables to suit you requirements and assign the variable set to a start up configuration and a base object. This means that you always have the option to use default values from the default variable set.

NOTE: To guarantee data consistency in the connected target system, ensure that the start-up configuration for synchronization and the base object for provisioning use the same variable set. This especially applies if a synchronization project for synchronization uses different Active Directory domains.

To customize connection parameters in a specialized variable set

  1. In the Synchronization Editor, open the synchronization project.

  2. Select the Configuration > Target system category.

  3. Open the Connection parameters view.

    Some connection parameters can be converted to variables here. For other parameters, variables are already created.

  4. Select a parameter and click Convert.

  5. Select the Configuration > Variables category.

    All specialized variable sets are shown in the lower part of the document view.

  6. Select a specialized variable set or click on in the variable set view's toolbar.

    • To rename the variable set, select the variable set and click the variable set view in the toolbar . Enter a name for the variable set.

  7. Select the previously added variable and enter a new value.

  8. Select the Configuration > Start up configurations category.

  9. Select a start up configuration and click Edit.

  10. Select the General tab.

  11. Select the specialized variable set in the Variable set menu.

  12. Select the Configuration > Base objects category.

  13. Select the base object and click .

    - OR -

    To add a new base object, click .

  14. Select the specialized variable set in the Variable set menu.

  15. Save the changes.

For detailed information about using variables and variable sets, or restoring default values and adding base objects, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating