Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Active Directory user accounts and identities
Account definitions for Active Directory user accounts and Active Directory contacts Assigning identities automatically to Active Directory user accounts Supported user account types Updating identities when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login credentials for Active Directory user accounts Mapping Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Adding Active Directory groups

By requesting this standard product, you can add new security groups or distribution groups in the Active Directory. The requester provides information about the name, container, and domain, if known, of the request. Based on this information, the target system manager specifies the container in which the group will be added and grants approval for the request. The group is created in One Identity Manager and published to the target system.

Prerequisite
  • Identities are assigned to the Target systems | Active Directory application role.

If the QER | ITShop | AutoPublish | ADSGroup configuration parameter is set, the group is added to the IT Shop and the assigned to the shelf Identity & Access Lifecycle | Active Directory groups. The group is assigned to the service category Security group or Distribution group respectively.

Table 58: Default objects for requesting an Active Directory group

Products

Creating an Active Directory security group

Creating an Active Directory distribution group

Service category

Active Directory groups

Shelf

Identity & Access Lifecycle > Group Lifecycle

Approval policies/approval workflows

Approval of Active Directory group create requests

Detailed information about this topic

Changing Active Directory groups

Product owners and target system managers can request updates to the group type and group scope of Active Directory groups in the Web Portal. The target system manager must grant approval for these changes. The changes are published in the target system.

Prerequisites
  • The group can be requested in the IT Shop.

  • Identities are assigned to the Target systems | Active Directory application role.

Table 59: Default objects for changing an Active Directory group

Product

Modifying an Active Directory group

Service category

Not assigned

Shelf

Identity & Access Lifecycle > Group Lifecycle

Approval policies/approval workflows

Approval of Active Directory group change requests

Deleting Active Directory groups

Product owners and target system managers can request deletion of an Active Directory group in the Web Portal. The product owner or target system manager must grant deletion approval. The group is deleted in One Identity Manager and the change is published in the target system.

Prerequisites
  • The group can be requested in the IT Shop.

  • Identities are assigned to the Target systems | Active Directory application role.

Table 60: Default objects for deleting an Active Directory group

Product

Deleting an Active Directory group

Service category

Not assigned

Shelf

Identity & Access Lifecycle > Group Lifecycle

Approval policies/approval workflows

Approval of Active Directory group deletion requests

Active DirectoryRequesting Groups Memberships

Product owners and target system managers can request members for groups in these shelves in the Web Portal. The respective product owner or target system manager must grant approval for this modification. The changes are published in the target system.

Table 61: Default objects for requesting group memberships

Shelves:

Identity & Access Lifecycle > Active Directory groups

Approval policies/approval workflows

Approval of Active Directory group membership requests

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating