立即与支持人员聊天
与支持团队交流

Identity Manager 9.3 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Active Directory user accounts and identities
Account definitions for Active Directory user accounts and Active Directory contacts Assigning identities automatically to Active Directory user accounts Supported user account types Updating identities when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login credentials for Active Directory user accounts Mapping Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Handling of user directories when deleting Active Directory user accounts

When a user accounts is deleted the configuration parameter defining handling of user directories is taken into account. In the Designer, check the configuration parameters and modify them as necessary to suit your requirements.

Table 41: Configuration parameters for deleting user accounts
Configuration parameter Effect when set

QER | Person | User | DeleteOptions

This configuration parameter to control behavior when users are deleted

QER | Person | User | DeleteOptions | FolderAnonymPre

If the delete options specify that a directory or a share should not be deleted, it is renamed and the given prefix is applied.

QER | Person | User | DeleteOptions | HomeDir

Deletes the user home directory.

QER | Person | User | DeleteOptions | HomeShare

Deletes the user home share.

QER | Person | User | DeleteOptions | ProfileDir

Deletes the user profile directory.

QER | Person | User | DeleteOptions | ProfileShare

Deletes the user profile share.

QER | Person | User | DeleteOptions | TerminalHomeDir

Deletes the user terminal home directory.

QER | Person | User | DeleteOptions | TerminalHomeShare

Deletes the user terminal home share.

QER | Person | User | DeleteOptions | TerminalProfileDir

Deletes the user terminal profile directory.

QER | Person | User | DeleteOptions | TerminalProfileShare

Delete the user terminal profile share.

Unlocking Active Directory user accounts

If the password is entered incorrectly several times (configuration dependent), the user account is locked in Active Directory.

If the user account is linked to an identity, the user account is unlocked when a new central password is set for the identity. This behavior is controlled by the TargetSystem | ADS | Accounts | UnlockByCentralPassword configuration parameter. For more information about an identity’s central password, see One Identity Manager Identity Management Base Module Administration Guide.

To unlock a user account manually

  1. In the Manager, select the Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Select the Change main data task.

  4. Select the Unlock user account task.

  5. Confirm the security prompt with OK.

    The user account is unlocked by the One Identity Manager Service.

Related topics

Moving Active Directory user accounts

NOTE:

  • User accounts with the Protected from accidental deletion option set, cannot be deleted.

  • To move a user account to another domain, make sure that the user account is assigned to the primary group only. You should remove all other group memberships before you move them. If you move a user account to another container within a domain, you must not remove the group memberships.

  • If you move a user account with an account definition to another domain, you must also remove the account definition from the user account.

To move a user account to another container

  1. In the Manager, select the Active Directory > User accounts category.

  2. Select the user account in the result list.

  1. Select the Change main data task.

  2. Select the Change Active Directory container task.
  3. Confirm the security prompt with Yes.
  4. Select the new container from the Containers drop-down on the General tab.
  5. Save the changes.

To move a user account to another domain

  1. In the Manager, select the Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Select the Change main data task.

  4. Select the Change Active Directory domain task.

  5. In the Move to other domain dialog, select a Target domain and a Target container and click Ok.

  6. Confirm the security prompt with OK.

Related topics

Displaying the Active Directory user account overview

Use this task to obtain an overview of the most important information about a user account.

To obtain an overview of a user account

  1. In the Manager, select the Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Select the Active Directory user account overview task.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级