Chat now with support
Chat with Support

Identity Manager 8.0.1 - Administration Guide for Connecting to Active Directory

Managing Active Directory Environments Setting up Active Directory Synchronization Base Data for Managing Active Directory Active Directory Domains Active Directory User Accounts Active Directory Contacts Active Directory groups Active Directory Security IDs Active Directory Container Structures Active Directory computer Active Directory Printers Active Directory Locations Reports about Active Directory Objects Appendix: Configuration Parameters for Managing Active Directory Appendix: Default Project Template for Active Directory Appendix: Authentication Modules for Logging into the One Identity Manager

Active Directory Security IDs

Active Directory Security IDs

The security ID (SID) is used in the One Identity Manager to identify user accounts and groups from other domains. This is required, amongst other things, for synchronizing group memberships of two domains. Furthermore, the SID is used to find access permission at file system level.

Example

Domain A is synchronized with the One Identity Manager. Domain B is not synchronized at first. The domains are in a trust relationship. There are user accounts of domain A and domain B in groups of domain A.

Group memberships are identified when domain A is synchronized. User accounts from domain A are assigned based on their identifier. The SIDs are found for user accounts from domain B and entered in the One Identity Manager.

If Active Directory domain B is synchronized at later, the user accounts are identified based on their SIDs and the user accounts are assigned directly to the groups in domain B. The SID is removed from the One Identity Manager database.

To display security IDs

  • Select the category Active Directory | Active Directory SIDs.

Note: When you delete an Active Directory object, a SID entry is created in One Identity Manager.

Active Directory Container Structures

Active Directory Container Structures

Containers are represented by a hierarchical tree structure. The containers that already exist can be loaded from the Active Directory environment into the One Identity Manager database by synchronization. System containers, which are entered into the One Identity Manager database are labeled correspondingly. These are only taken into account in the synchronization when the relevant configuration option is set.

Setting Up Active Directory Containers

Setting Up Active Directory Containers

To edit container master data

  1. Select the category Active Directory | Container.
  2. Select the container in the result list and run Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit the container's master data.
  4. Save the changes.
Detailed information about this topic

Master Data for an Active Directory Container

Master Data for an Active Directory Container

Enter the following data for a container.

Table 77: Master Data for a Container
Property Description

Name

Container name.

Distinguished name

Container's distinguished name. The distinguished name for the new container is made up from the container name, the object class, the parent container and the domain and cannot be modified.

Structural object class Structural object class representing the object type.

Object class

List of classes defining the attributes for this object. The object classes listed are read in from the database during synchronization with the Active Directory environment. You can also enter object classes in to the input field. Other properties can be edited depending on the object class.

NOTE: You should set up newly added containers as organizational units (object class "ORGANIZATIONALUNIT"). Organizational units (e.g. branches or departments) are used organize Active Directory objects, such as users, groups and computers, in a logical way and therefore make administration of the objects easier. Organizational units can be managed in a hierarchical container structure.

Domain

Container domain

Parent container

Parent container for mapping a hierarchical container structure. The distinguished name is automatically updated using templates.

Account manager

Manager responsible for the container.

To specify an account manager

  1. Click next to the text box.
  2. Under Table, select the table which maps the account manager.
  3. Select the manager under Account manager.
  4. Click OK.
Target system manager

Application role in which target system managers are specified for the container. Target system managers only edit container objects that are assigned to them. Each container can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this container. Use the button to add a new application role.

Street

Street or road.

Zip code

Zip code.

Location

Location.

State

State.

Country ID

The country ID.

Description

Spare text box for additional explanation.

Extended Function

Filter criteria for other representations of the container. Containers marked with this option are only shown in the Active Directory user account and computer manager when advanced mode console view is active.

Protected from accidental deletion Specifies whether to protect the container against accidental deletion. If this option is set, delete permissions are removed from the container object.
Related Topics
Related Documents