The Microsoft Active Directory (AD) Bridge

Learn about common problems that you might encounter when using the Microsoft Active Directory (AD) Bridge and learn how to solve them.

I can’t use the client for the AD Bridge to connect to Oracle Identity Cloud Service. What’s wrong?

If you receive the following error message when you’re creating an AD Bridge:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

then select the Use SSL check box because your AD server is using an SSL connection to communicate with the bridge.
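The message above is the .NET certificate-validation failure text, so before or after selecting Use SSL it helps to see exactly what the bridge host gets when it opens an SSL/TLS connection to the AD server. The following PowerShell is an added diagnostic, not code from the Oracle documentation or the AD Bridge client: run it on the host where the bridge client is installed, and it reports whether the AD server accepts a connection on the LDAPS port and whether the certificate it presents chains to a root that this host trusts. The server name `dc01.example.com` and the port 636 are assumptions; substitute your own AD server.

```powershell
# Added diagnostic (not part of the Oracle documentation): connect to the AD server over
# SSL/TLS from the bridge host and report what the certificate validation sees.
# $Server and the default port are assumptions; replace them with your AD server.
function Test-AdBridgeLdaps {
    param(
        [Parameter(Mandatory)][string]$Server,   # e.g. dc01.example.com (placeholder)
        [int]$Port = 636                          # standard LDAPS port (assumption)
    )

    $result = [ordered]@{
        Server = $Server; Port = $Port; TcpReachable = $false; TlsOk = $false
        Subject = $null; Issuer = $null; NotAfter = $null; PolicyErrors = 'NotTested'
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $result.TcpReachable = $true
    } catch {
        Write-Warning "TCP connection to ${Server}:${Port} failed: $($_.Exception.Message)"
        return [pscustomobject]$result
    }

    # Record the policy errors instead of rejecting the certificate, so the reason for a
    # trust failure is visible rather than hidden behind a handshake exception.
    $state = @{ PolicyErrors = 'None' }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $state.PolicyErrors = $sslPolicyErrors.ToString()
        return $true
    }

    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    try {
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Subject      = $cert.Subject
        $result.Issuer       = $cert.Issuer
        $result.NotAfter     = $cert.NotAfter
        $result.PolicyErrors = $state.PolicyErrors
        $result.TlsOk        = ($state.PolicyErrors -eq 'None')
    } catch {
        Write-Warning "TLS handshake with ${Server}:${Port} failed: $($_.Exception.Message)"
    } finally {
        $ssl.Dispose()
        $client.Dispose()
    }
    return [pscustomobject]$result
}

Test-AdBridgeLdaps -Server 'dc01.example.com' | Format-List
```

If `TcpReachable` is false, the server is not listening on that port or a firewall is in the way. If the handshake succeeds but `PolicyErrors` shows `RemoteCertificateChainErrors`, the bridge host does not trust the CA that issued the AD server's certificate; `RemoteCertificateNameMismatch` means the name you connect with is not in the certificate. Both are conditions the bridge client would report as the trust-relationship error quoted above.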

I’m trying to use the client for the AD Bridge to connect to my AD server. All of my connection details appear to be correct. However, when I click Test, the client can’t recognize the URL. Why is that?

Make sure that the Identity Cloud Service URL matches the URL that's shown on the Install a Bridge for the Microsoft Active Directory Domain page. To access this page, launch the Identity Cloud Service console, expand the Navigation Drawer, click Settings, click Directory Integrations, and then click Add. In addition to the Identity Cloud Service URL, the page also displays the Client ID and Client Secret.

My AD Bridge now has a status of Unreachable, even though previously, it had a status of Active. Why is that?

Your AD Bridge can have an Unreachable status because:
  1. The Oracle Identity Cloud Service administrator uninstalled the client associated with your AD Bridge, but the bridge couldn't be removed from the Directory Integrations page of the Identity Cloud Service console because the client can't connect to the Oracle Identity Cloud Service server. Oracle Identity Cloud Service can't use the bridge to communicate with AD. See Remove a Microsoft Active Directory (AD) Bridge.

  2. The administrator regenerated the Client Secret for your AD Bridge, and then uninstalled the client for the bridge.

  3. Your AD Bridge is installed and configured. However, the back-end service (or agent) used to establish communication between Oracle Identity Cloud Service and AD is stopped.

    To restart this agent:

    1. Click Start.

    2. In the Search programs and files text box, enter Services, and then press Enter.

    3. In the Services window, click Services (Local), Identity Cloud Service Microsoft Active Directory Bridge Service, and then click Start.

    4. Verify that Started appears as the status for the service.
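The same restart can be done from PowerShell on the bridge host, which also lets you record why the agent stopped in the first place. The block below is an added example, not code from the Oracle documentation or the AD Bridge installer: it locates the service by the display name shown in the Services window above (the page gives no short service name, so none is assumed), starts it if it is not running, reports its startup type and logon account, and pulls the Service Control Manager events that mention it.

```powershell
# Added example (not part of the Oracle documentation): check the AD Bridge back-end service,
# start it if it is stopped, and list the Service Control Manager events that record why it
# last stopped. The display name is the one shown in the Services window on this page.
$displayName = 'Identity Cloud Service Microsoft Active Directory Bridge Service'

function Restart-AdBridgeAgentIfStopped {
    param([string]$DisplayName = $displayName)

    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Warning "No service with display name '$DisplayName' is installed on this host."
        return $null
    }

    # Startup type and logon account come from WMI; both matter when the agent keeps stopping.
    $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"

    if ($svc.Status -ne 'Running') {
        Start-Service -Name $svc.Name
        try {
            # Block for up to 30 seconds until the SCM reports Running.
            $svc.WaitForStatus([System.ServiceProcess.ServiceControllerStatus]::Running, (New-TimeSpan -Seconds 30))
        } catch [System.ServiceProcess.TimeoutException] {
            Write-Warning "Service '$($svc.Name)' did not reach Running within 30 seconds."
        }
        $svc.Refresh()
    }

    [pscustomobject]@{
        Name      = $svc.Name
        Status    = $svc.Status
        StartMode = $wmi.StartMode   # Auto is expected for an agent that must survive reboots
        RunsAs    = $wmi.StartName
    }
}

function Get-AdBridgeAgentStopEvents {
    param([string]$DisplayName = $displayName, [int]$Newest = 10)

    # 7034 = service terminated unexpectedly, 7031 = terminated and a recovery action ran,
    # 7036 = service entered the running or stopped state.
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7031, 7034, 7036 } `
                 -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$DisplayName*" } |
        Select-Object -Property TimeCreated, Id, Message -First $Newest
}

Restart-AdBridgeAgentIfStopped | Format-List
Get-AdBridgeAgentStopEvents | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session. A run of 7034 events for the service points to the agent crashing rather than being stopped deliberately, and a `StartMode` of `Manual` or `Disabled` explains an agent that does not come back after a reboot.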

I used the AD Bridge to import a group into Oracle Identity Cloud Service, and then deleted the group in Oracle Identity Cloud Service. How can I re-establish a link between the group in AD and the group in Oracle Identity Cloud Service?

  1. In the Identity Cloud Service console, click Settings.

  2. In the side navigation bar, click Directory Integrations.

  3. Click the AD Bridge that you want to configure.

  4. Click the Configuration tab.

  5. In the Select organizational units (OUs) for groups pane, clear the check box for the designated group, and then click Save.

  6. Select the check box for the group, and then click Save again.

  7. Run the AD Bridge to synchronize the group between Oracle Identity Cloud Service and AD immediately.

I regenerated the Client Secret for my AD Bridge, and now my bridge isn't working. Why is that?

If you're using the 17.2.6 version of the client for the AD Bridge, then you must upgrade your client to the latest version. See Create a Microsoft Active Directory (AD) Bridge to install the updated client for the bridge.

I'm trying to use the AD Bridge to import AD users into Oracle Identity Cloud Service, but I'm not able to do this. Why is that?

The AD Bridge must be able to access the AD organizational units (OUs) and the parent OUs that contain the users you want to import into Oracle Identity Cloud Service. To ensure that the bridge can access the OUs:

  1. Launch Active Directory Users and Computers.

  2. Right-click the OU that contains the users you want to import into Oracle Identity Cloud Service, and select Properties from the drop-down menu.

  3. In the Properties window, click the Security tab.

  4. On the Security tab, click Advanced to open the Advanced Security Settings window.

  5. Click Add.

  6. In the Permission Entry window, click the Select a Principal link.

  7. In the Select User, Computer, Service Account, or Group window, search for the user with which the AD Bridge is configured, and click OK.

  8. In the Permission Entry window:

    1. From the Type drop-down menu, select Allow.

    2. From the Applies to drop-down menu, select This Object and all descendant objects.

    3. From the Permissions pane, select the List contents, Read all properties, and Read permissions check boxes.

    4. Click OK.

  9. In the Advanced Security Settings window, click OK.

  10. In the Properties window, click OK.

  11. Close Active Directory Users and Computers.
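The permission entry created in the procedure above can be applied and, more importantly, verified from PowerShell, including on the parent OUs that the bridge also needs to read. The block below is an added example, not code from the Oracle documentation or the AD Bridge client. It grants the bridge account the three rights the GUI check boxes correspond to (List contents, Read all properties, Read permissions) on an OU and all descendant objects, then walks from that OU up through its parents and reports on each container whether the account holds those rights. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that it runs as an account allowed to change the OU's permissions; the OU `OU=Staff,DC=example,DC=com` and the account `EXAMPLE\svc-adbridge` are placeholders.

```powershell
# Added example (not part of the Oracle documentation): grant the AD Bridge account the rights
# selected in the GUI procedure and report where in the OU chain it holds them.
# The OU distinguished name and the bridge account below are placeholders.
Import-Module ActiveDirectory

# GUI check box        -> ActiveDirectoryRights flag
#   List contents       -> ListChildren
#   Read all properties -> ReadProperty (no property GUID, so it covers every property)
#   Read permissions    -> ReadControl
$script:RequiredRights = [System.DirectoryServices.ActiveDirectoryRights]::ListChildren -bor
                         [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty -bor
                         [System.DirectoryServices.ActiveDirectoryRights]::ReadControl

function Grant-AdBridgeReadAccess {
    param(
        [Parameter(Mandatory)][string]$OuDistinguishedName,   # e.g. 'OU=Staff,DC=example,DC=com' (placeholder)
        [Parameter(Mandatory)][string]$BridgeAccount          # e.g. 'EXAMPLE\svc-adbridge' (placeholder)
    )

    $sid = (New-Object System.Security.Principal.NTAccount($BridgeAccount)).Translate(
               [System.Security.Principal.SecurityIdentifier])

    # ActiveDirectorySecurityInheritance.All = "This object and all descendant objects".
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid,
        $script:RequiredRights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

    $path = "AD:\$OuDistinguishedName"
    $acl  = Get-Acl -Path $path
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
}

function Get-AdBridgeAccessReport {
    param(
        [Parameter(Mandatory)][string]$OuDistinguishedName,
        [Parameter(Mandatory)][string]$BridgeAccount
    )

    $dn = $OuDistinguishedName
    # Walk up the DN until the domain root: the bridge needs access to the parent OUs as well.
    while ($dn -and $dn -notmatch '^DC=') {
        $acl = Get-Acl -Path "AD:\$dn"
        $allowAces = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $BridgeAccount
        })

        # OR the rights together: the three rights may be spread over several ACEs.
        $granted = 0
        foreach ($ace in $allowAces) { $granted = $granted -bor [int]$ace.ActiveDirectoryRights }

        [pscustomobject]@{
            Container         = $dn
            HasRequiredRights = (($granted -band [int]$script:RequiredRights) -eq [int]$script:RequiredRights)
            ViaInheritance    = [bool]($allowAces | Where-Object IsInherited)
        }

        # Naive parent DN: strip the first RDN (does not handle escaped commas in RDN values).
        $dn = $dn -replace '^[^,]+,', ''
    }
}

Grant-AdBridgeReadAccess   -OuDistinguishedName 'OU=Staff,DC=example,DC=com' -BridgeAccount 'EXAMPLE\svc-adbridge'
Get-AdBridgeAccessReport   -OuDistinguishedName 'OU=Staff,DC=example,DC=com' -BridgeAccount 'EXAMPLE\svc-adbridge' |
    Format-Table -AutoSize
```

The report only looks at ACEs that name the bridge account directly; if the account receives its read access through a group, `HasRequiredRights` is reported as false for that container even though the effective access is there, so in that case check the group's entries or use Effective Access in the GUI. A row with `HasRequiredRights` false on a parent OU is the condition the question above describes: the bridge can see the target OU but not the path to it.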