Oracle® Identity Manager Connector Guide for Microsoft Active Directory
Release 9.0.4

Part Number E10158-01

1 About the Connector

Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for Microsoft Active Directory is used to integrate Oracle Identity Manager with Microsoft Active Directory.

Note:

Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.

This chapter contains the following sections:

Note:

At some places in this guide, Microsoft Active Directory has been referred to as the target system.

Reconciliation Module

Reconciliation involves duplicating in Oracle Identity Manager the additions of, and modifications to, user accounts on the target system. It is an automated process initiated by a scheduled task that you configure.

See Also:

The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Framework Guide for conceptual information about reconciliation configurations

Based on the type of data reconciled from the target system, reconciliation can be divided into the following types:

Lookup Fields Reconciliation

To populate the Lookup.ADReconliation.GroupLookup lookup definition, the following fields of AD Groups are reconciled:

  • sAMAccountName

  • objectGUID

Group Reconciliation

The reconciliation module extracts the following elements from the target system to construct AD Group reconciliation event records:

  • sAMAccountName

  • objectGUID

  • Organization Name

  • instanceType

  • cn

User Reconciliation

The reconciliation module extracts the following elements from the target system to construct AD User reconciliation event records:

  • sAMAccountName

  • objectGUID

  • name

  • memberOf

  • sn

  • cn

  • Initials

Provisioning Module

Provisioning involves creating or modifying a user's access rights on the target system through Oracle Identity Manager. You use the Administrative and User Console to perform provisioning operations.

See Also:

The "Deployment Configurations of Oracle Identity Manager" section in Oracle Identity Manager Connector Framework Guide for conceptual information about provisioning

For this target system, provisioning is divided into the following types:

Organization Provisioning

The following fields are provisioned:

  • USN Create

  • USN Change

  • objectGUID

  • Organization Name

    This is the value of the Name field in the Create Organization form of the Oracle Identity Manager Administrative and User Console.

Group Provisioning

The following fields are provisioned:

  • Group Name

  • Organization Name

  • objectGUID

  • Group Type

  • Group Display Name

User Provisioning

The following fields are provisioned:

  • User ID

    Note:

    Microsoft Active Directory restricts the number of characters in the user ID field to 20 characters. Therefore, while provisioning a user through Oracle Identity Manager, you must not enter more than 20 characters in this field.

  • Password

  • objectGUID

  • Organization Name

  • First Name

  • Last Name

  • Middle Name

  • User Must Change Password at Next Logon

  • Password Never Expires

  • Account Expiration Date

  • Full Name

  • Group Name

Supported Functionality

The following table lists the functions that are available with this connector.

| Function | Type | Description |
|---|---|---|
| Create User | Provisioning | Creates a user |
| Move User | Provisioning | Moves a user from one organization to another |
| Delete User | Provisioning | Deletes a user |
| Enable User | Provisioning | Enables a disabled user |
| Disable User | Provisioning | Disables a user |
| Get Organization USN | Provisioning | Retrieves the USN of an organization |
| Create Organization | Provisioning | Creates an organization |
| Get Organization USN Changed | Provisioning | Retrieves the USN of an organization after an update |
| Delete Organization | Provisioning | Deletes an organization |
| Get User objectGUID | Provisioning | Retrieves the objectGUID of a user |
| User Must Change Password at Next Logon Updated | Provisioning | Updates a user's profile according to a change in the User Must Change Password at Next Logon attribute |
| Set Account Expiration Date | Provisioning | Updates a user's profile according to a change in the Account Expiration Date attribute |
| Password Never Expires Updated | Provisioning | Updates a user's profile according to a change in the Password Never Expires attribute |
| Update User ID | Provisioning | Updates a user's profile according to a change in the User ID attribute |
| Add User to Group | Provisioning | Adds a user to a group |
| Remove User from Group | Provisioning | Removes a user from a group |
| Create AD Group | Provisioning | Creates an AD group |
| Delete AD Group | Provisioning | Deletes an AD group |
| Update Group Name | Provisioning | Updates an AD group name |
| Get Group objectGUID | Provisioning | Retrieves the objectGUID of a group |
| Trusted Reconciliation for User | Reconciliation | Creates OIM User accounts corresponding to reconciled Microsoft Active Directory accounts |
| Create User | Reconciliation | Reconciles Microsoft Active Directory accounts |
| Create Organization | Reconciliation | Creates organizations along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their root organizations) |
| Create Group | Reconciliation | Creates groups along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their parent groups) |

Multilanguage Support

The connector supports the following languages:

See Also:

Oracle Identity Manager Globalization Guide for information about supported special characters

Files and Directories That Comprise the Connector

The files and directories that comprise this connector are in the following directory on the installation media:

Directory Servers/Microsoft Active Directory/Microsoft Active Directory Base

These files and directories are listed in the following table.

File in the Installation Media Directory Description
lib/xliActiveDirectory.jar
This JAR file contains the class files required for reconciliation and provisioning.
Files in the resources directory
Each of these resource bundle files contains language-specific information that is used by the connector.

Note: A resource bundle is a file containing localized versions of the text strings that are displayed on the user interface of Oracle Identity Manager. These text strings include GUI element labels and messages displayed on the Administrative and User Console.

scripts/install.bat
This batch file is used to add a certificate to the keystore if Oracle Identity Manager is installed on a Microsoft Windows operating system.
scripts/install.sh
This file is used to add a certificate to the keystore if Oracle Identity Manager is installed on a UNIX-based system.
test/config/config.properties
This file is used to set input test data for the connector test suite.
test/lib/xliADTest.jar
This JAR file contains the class files required for the connector test suite.
test/logs
This directory is used by the connector test suite to log the results of the tests. The log files are created in this directory.
test/scripts/runADTest.bat
This file is used to run a test using the connector test suite.
xml/xliADResourceObject.xml
This XML file contains definitions for the connector components related to reconciliation and provisioning. These components include:
  • All resource objects for reconciliation and provisioning

  • IT resource types

  • Custom process forms

  • Process task and adapters (along with their mappings)

  • Login resource objects

  • Provisioning process

  • Pre-populate rules

xml/xliADXLResourceObject.xml
This XML file contains the configuration for the objects, such as Xellerate User and Xellerate Organization, which are specific to trusted sources. You must import this file only if you plan to use the connector in trusted source reconciliation mode.

Note:

The files in the test directory are used only to run tests on the connector.

The "Step 3: Copying the Connector Files and External Code Files" section provides instructions to copy these files into the required directories.

Determining the Release Number of the Connector

You can use any one of the following methods to determine the release number of the connector.

Before Deployment

To determine the release number of a connector:

  1. Extract the contents of the xliActiveDirectory.jar file. This file is in the following directory on the installation media:

    Directory Servers/Microsoft Active Directory/Microsoft Active Directory Base/lib

  2. Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliActiveDirectory.jar file.

    In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.

Note:

If you maintain a copy of the xliActiveDirectory.jar file after deployment, you can use this method to determine the release number of the connector at any stage. After you deploy the connector, it is recommended that you use the "After Deployment" method, which is described in the following section.
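The "Before Deployment" steps can be scripted when several connector copies need to be inventoried. The following is an added example, not part of the Oracle guide or the connector: it reads the manifest directly from the JAR and returns the value of the Version property. The function names and the in-memory sample JAR are constructed for illustration; pass the path of your own copy of xliActiveDirectory.jar in practice.

```python
import io
import zipfile

def manifest_main_attributes(jar):
    """Parse the main section of a JAR manifest. `jar` is a path or file object."""
    with zipfile.ZipFile(jar) as zf:
        # The guide calls the file manifest.mf; inside a JAR it is stored as
        # META-INF/MANIFEST.MF, so match the entry name case-insensitively.
        entry = next((n for n in zf.namelist()
                      if n.upper() == "META-INF/MANIFEST.MF"), None)
        if entry is None:
            raise ValueError("archive has no META-INF/MANIFEST.MF entry")
        text = zf.read(entry).decode("utf-8", errors="replace")
    attrs, last = {}, None
    for line in text.splitlines():
        if line == "":
            if attrs:
                break              # a blank line ends the main section
            continue
        if line.startswith(" ") and last is not None:
            attrs[last] += line[1:]    # continuation of a wrapped value
            continue
        key, sep, value = line.partition(":")
        if sep:
            last = key.strip().lower()  # keys compared case-insensitively
            attrs[last] = value.lstrip()
    return attrs

def connector_release(jar):
    """Return the value of the Version property, or None if it is absent."""
    return manifest_main_attributes(jar).get("version")

def build_sample_jar():
    """Constructed stand-in for xliActiveDirectory.jar (not the real file)."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "Version: 0.0.0-CONSTR\r\n"
        " UCTED\r\n"                   # wrapped value, joined by the parser
        "\r\n"
        "Name: some/Class.class\r\n"
        "Version: ignored-per-entry-value\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(connector_release(build_sample_jar()))
```

Only the main section of the manifest is read, so a Version attribute that appears in a per-entry section further down does not override the connector's release number.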

After Deployment

To determine the release number of a connector that has already been deployed:

See Also:

Oracle Identity Manager Design Console Guide

  1. Open the Oracle Identity Manager Design Console.

  2. In the Form Designer, open the process form. The release number of the connector is the value of the Version field.