Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Setting up Active Directory synchronization Basic data for managing an Active Directory environment
Account definitions for Active Directory user accounts Password policies for Active Directory user accounts Initial password for new Active Directory user accounts Email notifications about login data User account names Target system managers Editing a server
Active Directory domains Active Directory user accounts
Linking user accounts to employees Supported user account types Entering master data for Active Directory user accounts Additional tasks for managing Active Directory user accounts Automatic assignment of employees to Active Directory user accounts Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Disabling Active Directory user accounts Deleting and restoring Active Directory user accounts
Active Directory contacts Active Directory groups
Entering master data for Active Directory groups Validity of group memberships Assigning Active Directory groups to Active Directory user accounts, Active Directory contacts, and Active Directory computers Additional tasks for managing Active Directory groups Deleting Active Directory groups Default solutions for requesting Active Directory groups and group memberships
Active Directory security IDs Active Directory container structures Active Directory computers Active Directory printers Active Directory locations Reports about Active Directory objects Configuration parameters for managing an Active Directory environment Default project template for Active Directory

Active Directory container structures

Containers are represented by a hierarchical tree structure. The containers that already exist can be loaded from the Active Directory environment into the One Identity Manager database by synchronization. System containers, which are entered into the One Identity Manager database are labeled correspondingly. These are only taken into account in the synchronization when the relevant configuration option is set.

Setting up Active Directory containers

To edit container master data

  1. In the Manager, select the Active Directory | Contacts category.

  2. Select the container in the result list and run the Change master data task.

    - OR -

    Click in the result list.

  3. Edit the container's master data.

  4. Save the changes.
Detailed information about this topic

Master data for an Active Directory container

Enter the following data for a container.

Table 70: Master data for a container
Property Description


Container name.

Distinguished name

Container's distinguished name. The distinguished name for the new container is made up of the container name, the object class, the parent container, and the domain, and it cannot be modified.

Structural object class Structural object class representing the object type.

Object class

List of classes defining the attributes for this object. The object classes listed are read in from the database during synchronization with the Active Directory environment. You can also enter object classes in to the input field. Other properties can be edited depending on the object class.

NOTE: New containers should be set up as organizational units (ORGANIZATIONALUNIT object class). Organizational units (for example, branches, or departments) are used organize Active Directory objects, such as users, groups, and computers, in a logical way and therefore make administration of the objects easier. Organizational units can be managed in a hierarchical container structure.


Container domain

Parent container

Parent container for mapping a hierarchical container structure. The distinguished name is automatically updated using templates.

Account manager

Manager responsible for the container.

To specify an account manager

  1. Click next to the field.
  2. In the Table menu, select the table that maps the account manager.
  3. In the Account manager menu, select the manager.
  4. Click OK.
Target system manager

Application role in which target system managers are specified for the container. Target system managers only edit container objects that are assigned to them. Each container can have a different target system manager assigned to it.

Select the One Identity Manager application role whose members are responsible for administration of this container. Use the button to add a new application role.


Street or road.

Zip code

Zip code.





Country ID

The country ID.


Text field for additional explanation.

Extended Function

Filter criteria for other representations of the container. Containers marked with this option are only shown in the Active Directory user account and computer manager when advanced mode console view is active.

Protected from accidental deletion Specifies whether to protect the container against accidental deletion. If this option is set, delete permissions are removed from the container object.
Related topics

Additional tasks for managing Active Directory containers

After you have entered the master data, you can run the following tasks.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating