Oracle® Identity Manager Connector Guide for Microsoft Active Directory Release 9.0.1 Part Number B31119-01
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for Microsoft Active Directory is used to integrate Oracle Identity Manager with Microsoft Active Directory.
Note:
Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.
This chapter contains the following sections:
The following table lists the functions that are available with this connector.
Function | Type | Description |
---|---|---|
Create User | Provisioning | Creates a user |
Delete user | Provisioning | Deletes a provisioned user |
Get Organization USN | Provisioning | Retrieves the USN of an existing organization |
Create Organization | Provisioning | Creates an organization |
Change Organization Name | Provisioning | Updates the organization name |
Get Organization USN Changed | Provisioning | Retrieves the USN of an existing organization after an update |
Move Organization | Provisioning | Moves an organization from one root to another |
Delete Organization | Provisioning | Deletes an existing organization |
Get User ObjectGUID | Provisioning | Retrieves the ObjectGUID of an existing user |
User Must Change Password at Next Logon Updated | Provisioning | Updates the configuration of a user according to a change in the User Must Change Password at Next Logon attribute |
Set Account Expiration Date | Provisioning | Updates the configuration of a user according to a change in the Account Expiration Date attribute |
Password Never Expires Updated | Provisioning | Updates the configuration of a user according to a change in the Password Never Expires attribute |
Update User ID | Provisioning | Updates the configuration of a user according to a change in the User ID attribute |
Move User | Provisioning | Moves a user from one organization to another |
Delete User | Provisioning | Deletes an existing user |
Enable User | Provisioning | Enables a disabled existing user |
Disable User | Provisioning | Disables an existing user |
Add User to Group | Provisioning | Adds a user to a group |
Remove User From group | Provisioning | Removes a user from a group |
Create AD Group | Provisioning | Creates an AD group |
Delete AD Group | Provisioning | Deletes an existing AD group |
Update Group Name | Provisioning | Updates an AD group name |
Get Group ObjectGUID | Provisioning | Retrieves the ObjectGUID of an existing group |
Trusted Reconciliation for User | Reconciliation | Creates Xellerate User accounts corresponding to reconciled Microsoft Active Directory accounts |
Create User | Reconciliation | Reconciles Microsoft Active Directory accounts |
Create Organization | Reconciliation | Creates organizations along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their root organizations) |
Create Group | Reconciliation | Creates groups along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their parent groups) |
This section describes the elements that the reconciliation module extracts from the target system to construct reconciliation event records. This section discusses the following reconciliation types:
To populate the Lookup.ADReconliation.GroupLookup lookup code, the following fields of AD Groups are reconciled:
sAMAccountName
objectGUID
The reconciliation module extracts the following elements from the target system in order to construct AD User reconciliation event records:
sAMAccountName
objectGUID
name
memberOf
sn
cn
In Microsoft Active Directory, the provisioning module can be divided into the following:
The following fields are provisioned:
User ID
Password
Object GUID
Organization Name
First Name
Last Name
Middle Name
User must change password at next logon
Password never expires
Account Expiration Date
Full Name
Group Name
The following fields are provisioned:
Group Name
Organization Name
Object GUID
Group Type
Group Display Name
The files and directories that comprise this connector are compressed in the following ZIP file on the installation media:
Directory Servers\Microsoft Active Directory\Microsoft Active Directory Rev 4.4.0.zip
These files and directories are listed in the following table.
Note:
The files in the test directory are used only to run tests on the connector.
The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.