Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Active Directory user accounts and identities
Account definitions for Active Directory user accounts and Active Directory contacts Assigning identities automatically to Active Directory user accounts Supported user account types Updating identities when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login credentials for Active Directory user accounts Mapping Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Terminal server connection data for Active Directory user accounts

NOTE: Terminal server properties are only synchronized and provisioned if the Enable terminal server properties option is set.

Enter the following data for adding a user profile, which will be made available for logging the Active Directory user account on to a terminal server. A profile directory can be provided, which is available to the user to log on to a terminal server for terminal server sessions. A home directory can be added on the terminal server in the same way.

NOTE: If the QER | Person | User | ConnectHomeDir configuration parameter is set, some of the following data for the home directory is formed automatically. In the Designer, you can set the configuration parameter as required.

Table 36: Main data for a terminal server
Property Description

Login permitted on terminal server

Specifies whether terminal server login is allowed. Enable this option to allow a user to log on to a terminal server.

Use own configuration

Specifies whether a startup program can be defined. Enable this option to specify a program, which should be started when you log on to the terminal server and enter the program's command line and working directory.

NOTE: If this data is inherited from the client, disable this option.

Command line

Command line to start the program.

Working directory

Working directory of program to start.

Connect client drives at login Specifies whether client drive connections should automatically be restored when logging into a terminal server.

Connect client printers at login

Specifies whether client printer connections should automatically be restored when logging on to a terminal server.

Client default printer

Specifies whether default printer connections should automatically be restored when logging into a terminal server.

Active session limit [min]

Maximum connection time in minutes. After the time is exceeded the connection to the terminal server is detached or ended.

End disconnected session [min]

Time period in minutes for maintaining a disconnected connection.

Idle session limit [min]

Maximum time without client activity before the connection is detached or ended.

Connect disconnected session from previous client

Specifies whether a disconnected session can be restored from an arbitrary client computer.

End session if connection is interrupted

Specifies whether a session should be returned to a disconnected state if the connection is interrupted.

Enable remote control

Specifies whether remote monitoring or control is enabled for this session.

Get permission of user

Specifies whether permission needs to be obtained for the user to monitor the session.

Display user session

Specifies whether to monitor the user session

Interact with session

Specifies whether the user to be monitored can input data into the session over the keyboard or mouse.

Profile server

Profile server. If you assigned an account definition, the profile server is determined from the current IT operating data for the assigned identity depending on the manage level.

Profile share

The share that is stored under the user’s profile directory on the profile server. Default is TPROFILES.

Profile directory path

Name of the profile directory for the user under the profile share. By default, the login name (pre Windows 2000) is used to format the profile directory path.

Profile path

The full path to the user’s profile directory.

Home server

Home server. If you assigned an account definition, the profile server is determined from the current IT operating data for the assigned identity depending on the manage level.

Home share

The share that is stored under the user’s home directory on the home server. Default is THOMES.

Home directory path

Name of the home directory for the user under the home share. By default, the login name (pre Windows 2000) is used to format the home directory path.

Shared as

Home directory share. This share is formatted using the default home directory path.

Home drive

The drive to be connected when the user logs in. The default domain home drive is used.

Home directory

Home directory. The given home directory is automatically added and shared by the One Identity Manager Service.

Related topics

Extension data for Active Directory user accounts

Enter the user-defined Active Directory schema extensions for the user account.

Table 37: Extension data
Property Description

Extensions data

Custom extension data in binary format.

Attribute extension 01 - attribute extension 15

Additional company-specific information. Use the Designer to customize display names, formats, and templates for the input fields.

Further data for identifying Active Directory user accounts

Enter the following address data used by this user account for contacting the identity.

Table 38: Main data for identification
Property Description

Office

Office. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Street

Street or road. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Mailbox

Mailbox. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Zip code

Zip code. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

City

City. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. Locations can be automatically generated and identities assigned based on the town.

State

State. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Country ID

The country ID.

Company

Identity's company. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Department

Identity's department If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. Departments can be automatically generated and identities assigned based on the department data.

Job description

Job description. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Identity's ID.

Identity's unique marker, for example their ID.

Personnel number

Number for identifying the identity, in addition to their ID.

Account manager

Manager responsible for the user account.

To specify an account manager

  1. Click next to the field.
  2. In the Table menu, select the table that maps the account manager.
  3. In the Account manager menu, select the manager.
  4. Click OK.
Related topics

Contact information for Active Directory user accounts

Enter the data used by this user account for contacting the identity by telephone.

Table 39: Contact data
Property Description

Phone

Telephone number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Phone private

Private telephone number.

Fax

Fax number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Mobile phone

Mobile number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level.

Pager

Pager number.

Website

Website.

IP telephone number

IP telephone number.

Comment

Text field for additional explanation.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating