Run a Microsoft Active Directory (AD) Bridge

You can run a Microsoft Active Directory (AD) Bridge to synchronize Oracle Identity Cloud Service with AD immediately.

As part of configuring an AD Bridge, you specified how often, in hours and minutes, you want Oracle Identity Cloud Service to use the bridge to import users and groups from AD. You're synchronizing Oracle Identity Cloud Service with your AD enterprise directory structure.

When the interval you specified elapses, Oracle Identity Cloud Service synchronizes with the directory structure so that any new, updated, or deleted user or group records are transferred into Oracle Identity Cloud Service. Because of this, the state of each record is synchronized between AD and Oracle Identity Cloud Service.

For security purposes, you may want to import users and groups from AD immediately instead of waiting for the scheduled interval to elapse, for example so that a user or group record deleted in AD is reflected in Oracle Identity Cloud Service right away. There are two types of imports that you can run:
  • Full import: The AD Bridge polls AD and retrieves data associated with all users and groups that you selected in the Select organizational units (OUs) for users and Select organizational units (OUs) for groups panes of the Configuration tab for the bridge. This data represents users and groups that were created, modified, or removed in AD. As a best practice, Oracle recommends that you perform a full import the first time you run the AD Bridge. See Configure a Microsoft Active Directory (AD) Bridge for more information about the Configuration tab.
  • Incremental import: Similar to a full import, but for this type of import, the AD Bridge polls AD and retrieves only user and group data that changed since you last used the AD Bridge to import users and groups into Oracle Identity Cloud Service.

By running the AD Bridge, you can propagate changes for Oracle Identity Cloud Service users in AD. After users are imported into Oracle Identity Cloud Service through the bridge, if you activate or deactivate a user, modify the user's attribute values, or change the group memberships for the user in Oracle Identity Cloud Service, then these changes will be reflected in AD.

You can also use the AD Bridge to view a synchronization log of the communication between Oracle Identity Cloud Service and AD.

  1. In the Identity Cloud Service console, expand the Navigation Drawer, click Settings, and then click Directory Integrations.
  2. Click the AD Bridge that you want to use to import users and groups from AD.
  3. Click Configuration.
  4. In the Configuration tab:
    1. In the Select organizational units (OUs) for users and Select organizational units (OUs) for groups panes, select the check box for each OU that contains users or groups that you want to import.
    2. In the Supported Operations area, select check boxes to enable Oracle Identity Cloud Service to propagate a user's activation status, attribute values, or group memberships to AD. See Configure a Microsoft Active Directory (AD) Bridge for more information about the Supported Operations area.
    3. Click Save.
      The AD Bridge propagates any changes to an Oracle Identity Cloud Service user's activation status, attribute values, or group memberships to AD.
  5. In the Confirmation window, click OK.
  6. Click Import.
  7. In the Import Type window, choose whether you want to run an incremental import or a full import, and then click OK.
    Oracle Identity Cloud Service imports the users and groups from AD.

    Note: Based on how many users and groups you're importing, the job may take several minutes or even hours.
  8. Click the Import tab. The status of the job that Oracle Identity Cloud Service uses to import users and groups from AD is Running. After all users and groups are imported, the status changes to Success.

    Also on this tab, you'll see a synchronization log of all traffic that occurs between Oracle Identity Cloud Service and AD for the import job that ran. The log includes the start date and time and the completion date and time of the import job, how many users and groups were imported from AD successfully, and how many users and groups couldn't be imported.

    Note: If you don't see the status change after a few minutes, then click Refresh. Also, if the status of the job is Failed, then an error occurred while the AD Bridge was transferring users and groups from AD to Oracle Identity Cloud Service. See Troubleshoot Oracle Identity Cloud Service.