Account policies are loaded into the One Identity Manager database during synchronization. You have the option to edit existing account policies and add new ones.
To enter main data of an account policy
In the Manager, select the Active Directory > Account policies category.
Select the account policy in the result list and run the Change main data task.
- OR -
Click 
Edit the account policy's main data.
Enter the following data on the General tab.
| Property | Description |
|---|---|
|
Name |
Account policy name |
|
Domain |
Active Directory domain for which the account policy is available. |
|
Distinguished name |
Distinguished name of the account policy. The distinguished name is formed based on rules and is made up of the name of the account policy, the system container for password policies Password Settings Container, and the domain. |
|
Display name |
Display name to display in the One Identity Manager tools. |
|
Simple display |
Display name for systems that cannot interpret all the characters of normal display names. |
|
Description |
Text field for additional explanation. |
Enter the following main data on the Policies tab.
| Property | Description |
|---|---|
|
Block duration [min] |
Block duration in minutes. Enter the time period the account should be locked for before it is automatically reset. |
|
Reset account [min] |
Duration in minutes of account reset. Enter the time period that can elapse between two invalid attempts to enter a password before a user account is locked. |
|
Max. errors |
Maximum number of errors. Set the number of invalid passwords. If the user has reached this number the user account is blocked. |
|
Max. password age |
Maximum age of the password. Enter the length of time a password can be used before it expires. |
|
Minimum password lifetime |
Minimum age of the password. Enter the length of time a password has to be used before the user is allowed to change it. |
|
Minimum password length |
Minimum length of the password. Use this option to specify that a password has to be complex. |
|
Password history |
Enter the number of passwords to be saved. For example, if you enter the value 5, the last 5 passwords for the user are saved. |
|
Ranking |
Ranking for password settings. If several account polices are assigned to a user account or a group, the account policy is used that has the lowest value. |
|
Complex passwords |
Specifies how complicated the password has to be. Complex passwords must fulfill certain minimum prerequisites. |
|
Save passwords with reversible encryption |
Details for encrypting passwords. By default, passwords that are saved in Active Directory are encrypted. When you use this option, passwords are saved in plain text and can be restored again. |
If several account policies are assigned to one user account, the actual account policy is found using specific rules. If there are no special account policy the domain setting apply. Refer to the concept of fine-grained password guidelines under Active Directory in the documentation for your Windows Server for information about the calculation rules.
To specify account policies for user accounts
In the Manager, select the Active Directory > Account policies category.
Select the account policy in the result list.
Select in the Assign user accounts task.
In the Add assignments pane, assign the user accounts.
TIP: In the Remove assignments pane, you can remove assigned user accounts.
To remove an assignment
Select the user account and double-click 
To specify account policies for groups
In the Manager, select the Active Directory > Account policies category.
Select the account policy in the result list.
Select the Assign groups task.
In the Add assignments pane, assign the groups.
TIP: In the Remove assignments pane, you can remove the assignment of groups.
To remove an assignment
Select the group and double-click
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center
