The following table summarizes the provisioning capabilities of this adapter.
| Feature | Supported? |
|---|---|
| Enable/disable account | Yes |
| Rename account | Yes |
| Pass-through authentication | Yes |
| Before/after actions | Yes |
| Data loading methods | |
The following administrative privileges are required to support Active Directory pass-through authentication for Windows 2003 running in Windows 2000 mode.
When configuring the Gateway to run as a user, that user must have the Act As Operating System User Right to perform pass-through authentication for the Windows NT and Windows 2000/Active Directory resources. The user must also have the Bypass Traverse Checking User Right, but this right is enabled for all users by default.
Accounts being authenticated must have the Access This Computer From The Network User Right on the Gateway system.
When Identity Manager is updating user rights, there may be a delay before the security policy is propagated. Once the policy has been propagated, you must restart the Gateway.
When performing account authentication, use the LogonUser function with the LOGON32_LOGON_NETWORK logon type and the LOGON32_PROVIDER_DEFAULT logon provider. (The LogonUser function is provided with the Microsoft Platform Software Development Kit.)
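The call described above, with its failure codes mapped to the user rights listed on this page, as an added PowerShell example (not Identity Manager or Gateway code). `Test-PassThroughLogon` and the `Demo.Native` type are hypothetical names; the numeric constants are the Win32 values for the named logon type, logon provider and error codes.

```powershell
# Added example: P/Invoke wrapper around LogonUser (advapi32.dll).
# Demo.Native and Test-PassThroughLogon are hypothetical names.
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool LogonUser(string user, string domain, IntPtr password,
    int logonType, int logonProvider, out IntPtr token);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

function Test-PassThroughLogon {
    param(
        [Parameter(Mandatory)][string]$User,
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][securestring]$Password
    )
    $LOGON32_LOGON_NETWORK    = 3   # logon type named on this page
    $LOGON32_PROVIDER_DEFAULT = 0   # logon provider named on this page

    $token = [IntPtr]::Zero
    # Keep the password out of managed strings; copy it to unmanaged memory
    # only for the duration of the call, then zero and free that copy.
    $pwPtr = [Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($Password)
    try {
        $ok  = [Demo.Native]::LogonUser($User, $Domain, $pwPtr,
                   $LOGON32_LOGON_NETWORK, $LOGON32_PROVIDER_DEFAULT, [ref]$token)
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    }
    finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($pwPtr)
        # The token is only proof of a successful logon here; never keep it.
        if ($token -ne [IntPtr]::Zero) { [void][Demo.Native]::CloseHandle($token) }
    }

    if ($ok) { return 'Authenticated' }
    switch ($err) {
        # ERROR_PRIVILEGE_NOT_HELD: the calling (Gateway) user lacks a required right
        1314    { 'Caller lacks a required privilege: check the Act As Operating System right' }
        # ERROR_LOGON_TYPE_NOT_GRANTED: network logon is not allowed for this account here
        1385    { 'Account lacks Access This Computer From The Network on this system' }
        # ERROR_LOGON_FAILURE: unknown user name or bad password
        1326    { 'Unknown user name or bad password' }
        default { "LogonUser failed with Win32 error $err" }
    }
}

# Usage (prompts for the password instead of taking it on the command line):
# Test-PassThroughLogon -User 'jdoe' -Domain 'EXAMPLE' -Password (Read-Host -AsSecureString)
```

Run it as the user the Gateway is configured to run as, on the Gateway system, so the result reflects that user's rights. If a right was just granted, a 1314 or 1385 result can persist until the policy has propagated.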