Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Identity Manager 8.1.4 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Setting up Active Directory synchronization Basic data for managing an Active Directory environment
Account definitions for Active Directory user accounts Password policies for Active Directory user accounts Initial password for new Active Directory user accounts Email notifications about login data User account names Target system managers Editing a server
Active Directory domains Active Directory user accounts
Linking user accounts to employees Supported user account types Entering master data for Active Directory user accounts Additional tasks for managing Active Directory user accounts Automatic assignment of employees to Active Directory user accounts Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Disabling Active Directory user accounts Deleting and restoring Active Directory user accounts
Active Directory contacts Active Directory groups
Entering master data for Active Directory groups Validity of group memberships Assigning Active Directory groups to Active Directory user accounts, Active Directory contacts, and Active Directory computers Additional tasks for managing Active Directory groups Deleting Active Directory groups Default solutions for requesting Active Directory groups and group memberships
Active Directory security IDs Active Directory container structures Active Directory computers Active Directory printers Active Directory locations Reports about Active Directory objects Configuration parameters for managing an Active Directory environment Default project template for Active Directory

Assigning extended properties to Active Directory groups

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To specify extended properties for a group

  1. In the Manager, select the Active Directory | Groups category.

  2. Select the group in the result list.

  3. Select the Assign extended properties task.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .
  5. Save the changes.

For more detailed information about setting up extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Deleting Active Directory groups

To delete an Active Directory group

  1. Select the Active Directory | Groups category.
  2. Select the group in the result list.
  3. Delete the group using .
  4. Confirm the security prompt with Yes.

The group is deleted completely from the One Identity Manager database and from Active Directory.

NOTE: When a group is deleted, an entry is created in One Identity Manager for the Active Directory SID. For more information, see Active Directory security IDs.

Default solutions for requesting Active Directory groups and group memberships

In One Identity Manager, default products and default approval workflows are provided for requesting Active Directory groups and membership in these groups through the IT Shop. Permissions in this target system are therefore issued by defined approval processes. In the Web Portal, product owners and target system managers can edit properties of these groups and request changes.

For detailed information, see the One Identity Manager Web Portal User Guide.

Detailed information about this topic

Adding Active Directory groups

By requesting this default product, you can add new security groups or distribution groups in the Active Directory. The requester provides information about the name, container, and domain, if known, of the request. Based on this information, the target system manager specifies the container in which the group will be added and grants approval for the request. The group is created in One Identity Manager and published to the target system.

Prerequisite

  • Employees are assigned to the Target systems | Active Directory application role.

If the QER | ITShop | GroupAutoPublish configuration parameter is set, the group is added to the IT Shop and the assigned to the shelf Identity & Access Lifecycle | Active Directory groups. The group is assigned to the service category Security group or Distribution group respectively.

Table 66: Default objects for requesting an Active Directory group

Products

Creating an Active Directory security group

Creating an Active Directory distribution group

Service category

Active Directory groups

Shelf

Identity & Access Lifecycle | Group Lifecycle

Approval policies/approval workflows

Approval of Active Directory group create requests

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating