Oracle® Identity Manager Connector Guide for Microsoft Active Directory Release 9.0.3 Part Number B32355-02
Oracle Identity Manager automates access rights management, security, and provisioning of IT resources. Oracle Identity Manager connectors are used to integrate Oracle Identity Manager with third-party applications. The connector for Microsoft Active Directory is used to integrate Oracle Identity Manager with Microsoft Active Directory.
Note:
Oracle Identity Manager connectors were referred to as resource adapters prior to the acquisition of Thor Technologies by Oracle.
This chapter contains the following sections:
The following table lists the functions that are available with this connector.
Function | Type | Description |
---|---|---|
Create User | Provisioning | Creates a user |
Move User | Provisioning | Moves a user from one organization to another |
Delete User | Provisioning | Deletes a user |
Enable User | Provisioning | Enables a disabled user |
Disable User | Provisioning | Disables a user |
Get Organization USN | Provisioning | Retrieves the USN of an organization |
Create Organization | Provisioning | Creates an organization |
Get Organization USN Changed | Provisioning | Retrieves the USN of an organization after an update |
Delete Organization | Provisioning | Deletes an organization |
Get User objectGUID | Provisioning | Retrieves the objectGUID of a user |
User Must Change Password at Next Logon Updated | Provisioning | Updates a user's profile according to a change in the User Must Change Password at Next Logon attribute |
Set Account Expiration Date | Provisioning | Updates a user's profile according to a change in the Account Expiration Date attribute |
Password Never Expires Updated | Provisioning | Updates a user's profile according to a change in the Password Never Expires attribute |
Update User ID | Provisioning | Updates a user's profile according to a change in the User ID attribute |
Add User to Group | Provisioning | Adds a user to a group |
Remove User from Group | Provisioning | Removes a user from a group |
Create AD Group | Provisioning | Creates an AD group |
Delete AD Group | Provisioning | Deletes an AD group |
Update Group Name | Provisioning | Updates an AD group name |
Get Group objectGUID | Provisioning | Retrieves the objectGUID of a group |
Trusted Reconciliation for User | Reconciliation | Creates OIM User accounts corresponding to reconciled Microsoft Active Directory accounts |
Create User | Reconciliation | Reconciles Microsoft Active Directory accounts |
Create Organization | Reconciliation | Creates organizations along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their root organizations) |
Create Group | Reconciliation | Creates groups along with users in Oracle Identity Manager corresponding to reconciled Microsoft Active Directory accounts (and their parent groups) |
This release of the connector supports the following languages:
English
Brazilian Portuguese
French
German
Italian
Japanese
Korean
Simplified Chinese
Spanish
Traditional Chinese
See Also:
Oracle Identity Manager Globalization Guide for information about supported special characters
This section discusses the elements that the reconciliation module extracts from the target system to construct reconciliation event records. This section discusses the following reconciliation types:
To populate the Lookup.ADReconliation.GroupLookup lookup definition, the following fields of AD Groups are reconciled:
sAMAccountName
objectGUID
The reconciliation module extracts the following elements from the target system to construct AD Group reconciliation event records:
sAMAccountName
objectGUID
Organization Name
instanceType
cn
In Microsoft Active Directory, the provisioning module can be divided into the following:
The following fields are provisioned:
USN Create
USN Change
objectGUID
Organization Name
This is the value of the Name field in the Create Organization form of the Oracle Identity Manager Administrative and User Console.
The following fields are provisioned:
Group Name
Organization Name
objectGUID
Group Type
Group Display Name
The following fields are provisioned:
User ID
Note:
Microsoft Active Directory restricts the number of characters in the user ID field to 20 characters. Therefore, while provisioning a user through Oracle Identity Manager, you must not enter more than 20 characters in this field.
Password
objectGUID
Organization Name
First Name
Last Name
Middle Name
User Must Change Password at Next Logon
Password Never Expires
Account Expiration Date
Full Name
Group Name
The files and directories that comprise this connector are in the following directory on the installation media:
Directory Servers\Microsoft Active Directory\Microsoft Active Directory Base
These files and directories are listed in the following table.
Note:
The files in the test directory are used only to run tests on the connector.
The "Step 3: Copying the Connector Files and External Code" section provides instructions to copy these files into the required directories.
To determine the release number of a connector that you have deployed:
Extract the contents of the xliActiveDirectory.jar file. For a connector that has been deployed, this file is in the following directory:
OIM_home\xellerate\JavaTasks
Open the manifest.mf file in a text editor. The manifest.mf file is one of the files bundled inside the xliActiveDirectory.jar file.
In the manifest.mf file, the release number of the connector is displayed as the value of the Version property.
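The same check can be scripted when auditing which connector release is deployed on several hosts. The following is an added example, not code from the guide or from Oracle: it reads the manifest directly from a JAR and returns the Version property. It assumes the property is in the manifest's main section, and the helper names and the sample manifest are constructed for illustration.

```python
import io
import zipfile

def read_manifest_attributes(jar):
    """Return the main-section attributes of the JAR's manifest as a dict."""
    with zipfile.ZipFile(jar) as archive:
        # The guide calls the file manifest.mf; JAR tools store it as
        # META-INF/MANIFEST.MF, so match the base name case-insensitively.
        name = next((n for n in archive.namelist()
                     if n.rsplit("/", 1)[-1].lower() == "manifest.mf"), None)
        if name is None:
            raise FileNotFoundError("no manifest.mf in archive")
        text = archive.read(name).decode("utf-8", errors="replace")

    attrs, last_key = {}, None
    for line in text.splitlines():
        if not line.strip():
            if attrs:
                break  # a blank line ends the main section
            continue
        if line.startswith(" ") and last_key:
            attrs[last_key] += line[1:]  # continuation of a wrapped value
            continue
        key, sep, value = line.partition(":")
        if sep:
            last_key = key.strip()
            attrs[last_key] = value.strip()
    return attrs

def connector_release(jar):
    """Release number = value of the Version property, or None if absent."""
    return read_manifest_attributes(jar).get("Version")

def build_sample_jar():
    """Constructed sample: an in-memory JAR with a made-up manifest."""
    manifest = ("Manifest-Version: 1.0\r\n"
                "Version: 0.0.0-SAMPLE\r\n"
                "Build-Note: constructed value long enough to be wrapped by a\r\n"
                "  JAR tool onto a second line\r\n"
                "\r\n"
                "Name: per-entry/section\r\n"
                "Version: ignored\r\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("META-INF/MANIFEST.MF", manifest)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(connector_release(build_sample_jar()))
```

On a deployed system, pass the path to xliActiveDirectory.jar under OIM_home\xellerate\JavaTasks to `connector_release` instead of the sample archive.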
See Also:
Oracle Identity Manager Design Console Guide