Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Active Directory user accounts and identities
Account definitions for Active Directory user accounts and Active Directory contacts Assigning identities automatically to Active Directory user accounts Supported user account types Updating identities when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login credentials for Active Directory user accounts Mapping Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Configuring synchronization in Active Directory domains

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the primary system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing Active Directory domains

  1. In the Synchronization Editor, open the synchronization project.

  2. Check whether the existing mappings can be used to synchronize into the target system. Create new maps if required.

  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its direction of synchronization.

  4. Create a new start up configuration. Use the new workflow to do this.

  5. Save the changes.
  6. Run a consistency check.

Related topics

Configuring synchronization of several Active Directory domains

In some circumstances, it is possible to use a synchronization project to synchronize different Active Directory domains.

Prerequisites
  • The target system schema of the domains are identical.

  • All virtual schema properties used in the mapping must exist in the extended schema of the domains.

To customize a synchronization project for synchronizing another domain

  1. Prepare a user account with sufficient permissions for synchronizing in the other domain.

  2. In the Synchronization Editor, open the synchronization project.

  1. Create a new base object for every other domain.

    • Use the wizard to attach a base object.

    • In the wizard, select the Active Directory connector.

    • Declare the connection parameters. The connection parameters are saved in a special variable set.

    A start up configuration is created that uses the newly created variable set.

  2. Change other elements of the synchronization configuration as required.

  3. Save the changes.
  4. Run a consistency check.

Related topics

Supporting POSIX extensions

One Identity Manager support synchronization of POSIX properties for user accounts, contacts, and groups.

Corresponding synchronization steps are already provided in workflows in the default template for synchronization projects. These synchronization steps are created if the posixAccount and posixGroup schema classes exist in the schema. By default, the synchronization steps are disabled and must be enabled if required. Use the workflow wizard in the Synchronization Editor for this. For more information, see the One Identity Manager Target System Synchronization Reference Guide.

Related topics

Changing system connection settings of Active Directory domains

When you set up synchronization for the first time, the system connection properties are set to default values that you can modify. There are two ways to do this:

  1. Specify a specialized variable set and change the values of the affected variables.

    The default values remain untouched in the default variable set. The variables can be reset to the default values at any time. (Recommended action).

  2. Edit the target system connection with the system connection wizard and change the effected values.

    The system connection wizard supplies additional explanations of the settings. The default values can only be restored under particular conditions.

Detailed information about this topic
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating