Chat now with support
Chat with Support

Identity Manager 8.0.1 - Administration Guide for Connecting to Active Directory

Managing Active Directory Environments Setting up Active Directory Synchronization Base Data for Managing Active Directory Active Directory Domains Active Directory User Accounts Active Directory Contacts Active Directory groups Active Directory Security IDs Active Directory Container Structures Active Directory computer Active Directory Printers Active Directory Locations Reports about Active Directory Objects Appendix: Configuration Parameters for Managing Active Directory Appendix: Default Project Template for Active Directory Appendix: Authentication Modules for Logging into the One Identity Manager

Specifying Categories for Inheriting Active Directory Groups

Specifying Categories for Inheriting Active Directory Groups

Groups and be selectively inherited by user accounts and contacts in One Identity Manager. The groups and user accounts (contacts) are divided into categories in the process. The categories can be freely selected and are specified by a template. Each category is given a specific position within the template. The formatting rule contains tables which map the user accounts (contact) and the groups. Specify your categories for user account (contacts) in the table for user accounts (contacts). Enter your categories fro groups in the group table. Each table contains the category items "Position1" to "Position31".

To define a category

  1. Select the category Active Directory | Domains.
  2. Select the domain in the result list.
  3. Select Change master data in the task view.
  4. Change to the Mapping rule category tab.
  5. Expand the root in the respective table.
  6. Click to enable category.
  7. Enter a category name for user accounts, contacts and groups in your login language.
  8. Save the changes.
Detailed information about this topic

Information about the Active Directory Forest

Information about the Active Directory Forest

The information about the forest is required in One Identity Manager to map trusted domains and group memberships across domains.

The information about the Active Directory forest is loaded into One Identity Manager during synchronization.

To display information about a forest

  1. Select the category Active Directory | Forests.
  2. Select a forest in the result list.
  3. To display a domain's forest, select Forest overview in the task view.
  4. To display a forest's master data, select Change master data in the task view.
Related Topics

Trusted Active Directory Domains

Trusted Active Directory Domains

Read your Windows Server documentation learn about of the concept of trusted domains under Active Directory. Users can access resources in other domains depending on the domain trusts.

  • Explicit trusts are loaded into Active Directory by synchronizing with One Identity Manager. Domains which are trusted by the currently synchronized domains are found.
  • To declare implicit two-way trusts between domains within an Active Directory forest in One Identity Manager, ensure that the parent domain is entered in all child domains.

To enter the parent domain

  1. Select the category Active Directory | Domains.
  2. Select the domain in the result list.
  3. Select Change master data in the task view.
  4. Enter the parent domain.
  5. Save the changes.

    Implicit trusts are created automatically.

To test trusted domains

  1. Select the category Active Directory | Domains.
  2. Select the domain in the result list.
  3. Select Specify trust relationships in the task view.

    This shows domains which trust the selected domain.

Active Directory Account Policies for Active Directory Domains

Active Directory Account Policies for Active Directory Domains

Set up global account policies for a domain. This information is declared in the domain as default settings. You may define several account policies for domains with the function level "Windows Server 2008 R2" or higher. This allows individual users and groups to be subjected to stricter account policies as intended for global groups. Refer to your Active Directory documentation for more information about the concept of fine-grained password policies under Windows Server.

You can also define password policies in the One Identity Manager that you can apply to the user account passwords.

NOTE: The One Identity Manager password policies, global account policy settings for the Active Directory domain and Active Directory account policies are taken into account when verifying user passwords.
Detailed information about this topic
Related Topics
Related Documents