Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Active Directory user accounts and identities
Account definitions for Active Directory user accounts and Active Directory contacts Assigning identities automatically to Active Directory user accounts Supported user account types Updating identities when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login credentials for Active Directory user accounts Mapping Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Processing methods of Active Directory system objects

The following table describes permitted editing methods for Active Directory schema types and the necessary restrictions for processing the system objects.

Table 72: Methods available for processing Active Directory schema types
Type Read Add Delete Refresh

Domain (domainDNS)

Yes

No

No

Yes

Forest (forest)

Yes

No

No

No

Password policies (msDS-PasswordSettings)

Yes

Yes

Yes

Yes

Trusted domain (trustedDomain)

Yes

No

No

No

Container (container)

Yes

Yes

Yes

Yes

Container (builtInDomain)

Yes

Yes

Yes

Yes

Container (organizationalUnit)

Yes

Yes

Yes

Yes

User accounts (user, posixUser)

Yes

Yes

Yes

Yes

User accounts (inetOrgPerson)

Yes

Yes

Yes

Yes

Contacts (contact, posixContact)

Yes

Yes

Yes

Yes

Groups (group, posixGroup)

Yes

Yes

Yes

Yes

Computer, server (computer)

Yes

Yes

Yes

Yes

Computer: location assignments (serverInSite)

Yes

No

No

No

Location (site)

Yes

No

No

No

Printer (printQueue)

Yes

No

No

No

Active Directory connector settings

The following settings are configured for the system connection with the Active Directory connector.

Table 73: Active Directory connector settings

Setting

Meaning

Domain

Full domain name.

Variable: CP_ADRootdn

User account

User account for logging in to the target system.

Variable: CP_BASELoginaccount

If the currently logged in user account is used, leave this field empty. The user account running under the One Identity Manager Service requires the permissions described in Users and permissions for synchronizing with Active Directory.

NOTE: If you do not enter a user account, the current user account is also used in the Synchronization Editor during configuration. This user account may be different to the One Identity Manager Service's user account

In this case, it is recommended you use the RemoteConnectPlugin. This ensures that the same user account is used during configuration with the Synchronization Editor as is used in the service context.

Password

The user account’s password.

Variable: CP_BASEPassword

Authentication type

Authentication type for target system login. The Secure authentication type is used by default.

For more information about authentication types, see the MSDN Library.

Variable: CP_ADAuthentication

Domain controller

Full name of the domain controller for connecting to the synchronization server to provide access to Active Directory objects.

Example:

<Name of servers>.<Fully qualified domain name>

Variable: CP_ADServer

Port

Communications port on the domain controller.

Default value: 389

Variable: CP_ADPort

Use SSL

Specifies whether to use a secure connection.

When restoring objects with the same distinguished name or GUID from the recycle bin.

Specifies whether deleted Active Directory objects are taken into account on insertion.

Set this option if, when adding an object, the system first checks whether the object is in the Active Directory recycling bin and must be restored.

Default: False

Variable: CP_ADEnableTombstone

Allow read and write access to Remote Access Service (RAS) properties.

Specifies whether Remote Access Service (RAS) properties are synchronized.

Default: False

Variable: CP_ADEnableras

Allow read and write access to the terminal service properties.

Specifies whether terminal server properties are synchronized.

Default value: True

Variable: CP_ADEnableterminal

Extensions

(Expert mode only) The schema used in synchronization can be customized by adding additional auxiliary classes to structural classes. The extension methods apply to the structural class and its derived classes.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating