Oracle® Identity Manager Connector Guide for Microsoft Active Directory
Release 9.0.1

Part Number B31119-01

1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for Microsoft Active Directory is used to integrate Oracle Identity Manager with Microsoft Active Directory.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Supported Functionality

The following table lists the functions that are available with this connector.

| Function | Type | Description |
|---|---|---|
| Create User | Provisioning | Creates a user |
| Delete user | Provisioning | Deletes a provisioned user |
| Get Organization USN | Provisioning | Retrieves the USN of an existing organization |
| Create Organization | Provisioning | Creates an organization |
| Change Organization Name | Provisioning | Updates the organization name |
| Get Organization USN Changed | Provisioning | Retrieves the USN of an existing organization after an update |
| Move Organization | Provisioning | Moves an organization from one root to another |
| Delete Organization | Provisioning | Deletes an existing organization |
| Get User ObjectGUID | Provisioning | Retrieves the ObjectGUID of an existing user |
| User Must Change Password at Next Logon Updated | Provisioning | Updates the configuration of a user according to a change in the User Must Change Password at Next Logon attribute |
| Set Account Expiration Date | Provisioning | Updates the configuration of a user according to a change in the Account Expiration Date attribute |
| Password Never Expires Updated | Provisioning | Updates the configuration of a user according to a change in the Password Never Expires attribute |
| Update User ID | Provisioning | Updates the configuration of a user according to a change in the User ID attribute |
| Move User | Provisioning | Moves a user from one organization to another |
| Delete User | Provisioning | Deletes an existing user |
| Enable User | Provisioning | Enables a disabled existing user |
| Disable User | Provisioning | Disables an existing user |
| Add User to Group | Provisioning | Adds a user to a group |
| Remove User From group | Provisioning | Removes a user from a group |
| Create AD Group | Provisioning | Creates an AD group |
| Delete AD Group | Provisioning | Deletes an existing AD group |
| Update Group Name | Provisioning | Updates an AD group name |
| Get Group ObjectGUID | Provisioning | Retrieves the ObjectGUID of an existing group |
| Trusted Reconciliation for User | Reconciliation | Creates Xellerate User accounts corresponding to reconciled Microsoft Active Directory accounts |
| Create User | Reconciliation | Reconciles Microsoft Active Directory accounts |
| Create Organization | Reconciliation | Creates organizations along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their root organizations) |
| Create Group | Reconciliation | Creates groups along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their parent groups) |

Reconciliation Module

This section describes the elements that the reconciliation module extracts from the target system to construct reconciliation event records. This section discusses the following reconciliation types:

AD Lookup Fields

To populate the Lookup.ADReconliation.GroupLookup lookup code, the following fields of AD Groups are reconciled:

  • sAMAccountName

  • objectGUID

AD User

The reconciliation module extracts the following elements from the target system in order to construct AD User reconciliation event records:

  • sAMAccountName

  • objectGUID

  • name

  • memberOf

  • sn

  • cn

AD Group

The reconciliation module extracts the following elements from the target system in order to construct AD Group reconciliation event records:

  • sAMAccountName

  • objectGUID

  • Organization Name

  • instanceType

  • cn

Provisioning Module

In Microsoft Active Directory, the provisioning module can be divided into the following:

AD User

The following fields are provisioned:

  • User ID

  • Password

  • Object GUID

  • Organization Name

  • First Name

  • Last Name

  • Middle Name

  • User must change password at next logon

  • Password never expires

  • Account Expiration Date

  • Full Name

  • Group Name

AD Group

The following fields are provisioned:

  • Group Name

  • Organization Name

  • Object GUID

  • Group Type

  • Group Display Name

AD Organization

The following fields are provisioned:

  • USN Create

  • USN Change

  • Object GUID

  • Organization Name (extracts the value from the Name field in the Create Organization form of the Oracle Identity Manager Administrative and User Console)

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:

Directory Servers\Microsoft Active Directory\Microsoft Active Directory Rev 4.4.0.zip

These files and directories are listed in the following table.

Each entry gives the file in the installation media directory, followed by its description.

xml\xliADOrganizationObject_DM.xml
This XML file contains the Oracle Identity Manager components of the connector related to AD Organization provisioning. These components include:
  • Resource object for AD Organization provisioning

  • IT resource type

  • Custom process form

  • Process task and rule-generator adapters (along with their mappings)

  • Login resource object

  • Provisioning process

  • Pre-populate rules

xml\xliADGroupObject_DM.xml
This XML file contains the Oracle Identity Manager components of the connector related to AD Group provisioning. These components include:
  • Resource object for AD Group provisioning

  • IT resource type

  • Custom process form

  • Process task and adapters (along with their mappings)

  • Login resource object

  • Provisioning process

  • Pre-populate rules

xml\xliADUserObject_DM.xml
This XML file contains the Oracle Identity Manager components of the connector related to AD User provisioning. These components include:
  • Resource object for AD User provisioning

  • IT resource type

  • Custom process form

  • Process task and adapters (along with their mappings)

  • Login resource object

  • Provisioning process

  • Pre-populate rules

xml\xliActiveDirectoryScheduleTask_DM.xml
This XML file contains the Oracle Identity Manager components of the connector related to the Database Access reconciliation module. These components include:
  • Reconciliation scheduled task

  • Reconciliation scheduled task attributes

lib\xliActiveDirectory.jar
This JAR file contains the class files required for provisioning.

lib\xliADRecon.jar
This JAR file contains the class files required for reconciliation.

ext\ldapsdk-4.1.jar
This external JAR file contains the JNDI LDAP booster package that is required for the Active Directory connector.

scripts\install.bat
This batch file is used to add a certificate to the keystore if Oracle Identity Manager is installed on a Microsoft Windows operating system.

scripts\install.sh
This file is used to add a certificate to the keystore if Oracle Identity Manager is installed on a UNIX-based system.

test\config\config.properties
This file is used to set input test data for the Microsoft Active Directory connector test suite.

test\lib\xliADTest.jar
This JAR file contains the class files required for the Microsoft Active Directory connector test suite.

test\logs
This directory is used by the Microsoft Active Directory connector test suite to log the results of the tests.

test\scripts\runADTest.bat
This file is used to run a test using the connector test suite.

docs\B31119_01.pdf
docs\html
These are PDF and HTML versions of this guide, which provides instructions to deploy the connector.

Note:

The files in the test directory are used only to run tests on the connector.

The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.