
Identity Manager 8.1 - Configuration Guide


Notes on message output

You should never use the VB.Net functions Msgbox and Inputbox on servers. Use the functions VID_Write2Log, RaiseMessage or AppData.Instance.RaiseMessage.

For examples of One Identity Manager Service log file output, see the script examples on the installation medium in the QBM\dvd\AddOn\SDK\ScriptSamples directory.

Notes on using date values

Time stamps, such as insert dates or modification dates, are stored in the database in UTC. When an object is loaded, the object layer converts these values to the currently valid time zone, so the user sees all values in local time. When an object is saved, the local time values are converted back to UTC.

NOTE: Any use of DateTime.Now in scripts must be critically tested. It is better to use DateTime.UtcNow than DateTime.Now to display the value to users.

Converting date values in non-U.S. notation from the String data type to the DateTime data type in scripts is not recommended:

Value = CDate("31.12.2014")

This always causes a problem if the script runs on a U.S. system. In the best case, you get an error message such as "Cast from type Date is not valid". In the worst case, the wrong date is returned because month and day are swapped (3.12.2014 becomes 12.3.2014).

If possible, you should avoid a string conversion altogether in this case. The DateTime type provides several constructors for this purpose. For the example above, that would be:

Value = new DateTime(2014, 12, 31)

However, if the data type String is to be used, the ISO date notation should be applied as this is converted correctly in all settings:

Value = CDate("2014-12-31")

Value = CDate("2014-12-31 15:22:12")

A more complicated option is to state the culture (language code) or the exact format of the date explicitly:

Value = DateTime.Parse("12.31.2014", new CultureInfo("en-US"))

' MM is the month specifier; lowercase mm would be read as minutes
Value = DateTime.ParseExact("12.31.2014", "MM.dd.yyyy", CultureInfo.InvariantCulture)
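The following VB.NET console module is an added example, not code from the original guide. It shows how the same string converts with CDate under German and U.S. regional settings, next to a parser that accepts ISO notation only. The module name, function names and sample strings are constructed for illustration.

```vb
Imports System
Imports System.Globalization
Imports System.Threading

Module DateConversionDemo

    ' Runs CDate under the given culture, as a script would behave on a
    ' server with that regional setting. Returns the result in ISO notation.
    Function ConvertUnder(cultureName As String, raw As String) As String
        Dim saved As CultureInfo = Thread.CurrentThread.CurrentCulture
        Try
            Thread.CurrentThread.CurrentCulture = New CultureInfo(cultureName)
            Return CDate(raw).ToString("yyyy-MM-dd", CultureInfo.InvariantCulture)
        Catch ex As InvalidCastException
            Return "conversion error"
        Finally
            Thread.CurrentThread.CurrentCulture = saved
        End Try
    End Function

    ' Culture-independent alternative: accept ISO notation only and
    ' reject everything else instead of guessing the field order.
    Function TryParseIso(raw As String, ByRef result As DateTime) As Boolean
        Return DateTime.TryParseExact(raw, "yyyy-MM-dd",
            CultureInfo.InvariantCulture, DateTimeStyles.None, result)
    End Function

    Sub Main()
        ' Constructed sample inputs, not taken from a real system.
        Dim samples As String() = {"31.12.2014", "3.12.2014", "2014-12-31"}
        For Each raw As String In samples
            Dim parsed As DateTime
            Dim iso As String = If(TryParseIso(raw, parsed),
                parsed.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture),
                "rejected")
            Console.WriteLine("{0,-12} de-DE: {1,-18} en-US: {2,-18} ISO-only: {3}",
                raw, ConvertUnder("de-DE", raw), ConvertUnder("en-US", raw), iso)
        Next
    End Sub

End Module
```

Rejecting non-ISO input outright matters most for values such as exit dates, where a silently swapped day and month changes when an account is treated as inactive.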

Using dollar ($) notation

The $ notation is used to access object properties in One Identity Manager. If you use dollar ($) notation, you must ensure that the value is assigned the correct data type. The $ notation returns a String type by default. If another data type is specified, it is internally converted with ToString.

Permitted data types are:

String (default)


NOTE: If you want to use a $ sign in scripts without it being interpreted as access to a column name, you must mask it by doubling it.

In Windows PowerShell scripts, instead of:

theScript.AppendLine("foreach ($Domain in $Domains)")

use:

theScript.AppendLine("foreach ($$Domain in $$Domains)")

Detailed information about this topic

Accessing local object columns


$<column name>:<data type>$

Examples for use in templates

The Active Directory user display name should consist of the first and last name of the Active Directory user. The template for ADSAccount.Displayname is:

If $Givenname$<>"" And $Surname$<>"" Then
    Value = $Surname$ & " " & $Givenname$
ElseIf $Givenname$<>"" Then
    Value = $Givenname$
ElseIf $Surname$<>"" Then
    Value = $Surname$
End If

If an employee is disabled, the leaving date should be set. The template for Person.Exitdate is:

If $IsInActive:bool$ Then
    Value = Date.Today
End If
