You can restore deprovisioned Active Directory user account and Active Directory groups using One Identity Manager if required. The following methods are used to do this:
Both methods initiate a process for deprovisioning Active Directory objects in Active Roles. The process finds the deprovisioning status, updates some of the Active Directory object properties, like the name and the Active Directory container, in the One Identity Manager database and sets the Active Directory object status to "changed". All the Active Directory object properties are loaded in the One Identity Manager database by the next synchronization and changed to "published".
Use this method to undo Active Directory user account and Active Directory group deprovisioning. You can use this method independent of the deprovisioning method implemented.
To undo Active Directory user account deprovisioning
To undo Active Directory group deprovisioning
You can use this method as an alternative for Active Directory user accounts and Active Directory groups you have deprovisioned using the method "Deprovision not delete". You find the deprovisioned Active Directory object, in this case, in the One Identity Manager database with status "Deleted".
To restore a user account
To restore a group
A default project template ensures that all required information is added in the One Identity Manager. This includes mappings, workflows and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the .Synchronization Editor
The template uses mappings for the following schema types.
|Schema type in Active Roles||Table in the One Identity Manager schema|