This chapter provides an overview of the updates made to the software and documentation for release 11.1.1.6.0 of the Microsoft Active Directory User Management connector.
The updates discussed in this chapter are divided into the following categories:
Software Updates
This section describes updates made to the connector software. This section also points out the sections of this guide that have been changed in response to each software update.
Documentation-Specific Updates
This section describes major changes made to this guide. For example, the relocation of a section from the second chapter to the third chapter is a documentation-specific update. These changes are not related to software updates.
The following section discusses software updates:
The following are the software updates in release 11.1.1.6.0:
The connector provides support for adding dynamic auxiliary object classes. In addition, you can add the attributes of these dynamic auxiliary object classes for reconciliation and provisioning.
See Adding Dynamic Auxiliary Object Classes and Their Attributes to Users for more information.
During group provisioning, by default, the value that you specify for the Group Name field on the OIM process form is entered as the value of both the Group Name and Group Name (pre-Windows 2000) attributes of the target system. If you want to specify different values for the Group Name and Group Name (pre-Windows 2000) attributes in the target system, then you must create the Group Name (pre-Windows 2000) field on the OIM process form.
See Adding the Group Name (pre-Windows 2000) Attribute for more information.
The connector provides support for provisioning groups of the type Security Group - Universal. See Configuring the Connector for Provisioning Groups of the Security Group - Universal Group Type for more information.
If you are using AD LDS as the target system, then add custom object categories for provisioning and reconciliation. See Configuring the Connector for Provisioning and Reconciling Custom Object Categories for more information.
The following are the software updates in release 11.1.1.5.0:
From this release onward, the connector adds support for the following as target systems:
Microsoft Active Directory installed on Microsoft Windows Server 2012
Microsoft Active Directory Lightweight Directory Services installed on Microsoft Windows Server 2012
These target systems are mentioned in Certified Components for Microsoft Active Directory User Management Connector.
The Microsoft Active Directory User Management connector is written using Microsoft .NET. A .NET environment is required for the execution of this connector code. Therefore, it is mandatory for this connector to be deployed on the .NET Connector Server shipped along with the connector package. The Microsoft Active Directory User Management connector operates in the context of a .NET Connector Framework, which in turn requires an application to execute. Therefore, by default, Oracle provides the .NET Connector Server to run the Microsoft Active Directory User Management connector.
Connector Server is a component provided by ICF. By using one or more connector servers, the connector architecture permits your application to communicate with externally-deployed bundles. In other words, a connector server enables remote execution of an Oracle Identity Manager connector.
See the following sections for more information:
This release of the connector can be deployed using the Connector Server, which is included with the ICF. See Installing Microsoft Active Directory User Management Connector in Oracle Identity Manager for more information.
A connection pool is a cache of objects that represent physical connections to the target. Oracle Identity Manager connectors can use these connections to communicate with target systems. At run time, the application requests a connection from the pool. If a connection is available, then the connector uses it and then returns it to the pool. A connection returned to the pool can be requested again and used by the connector for another operation. By enabling the reuse of connections, the connection pool helps reduce connection creation overheads like network latency, memory allocation, and authentication.
One connection pool is created for each IT resource. For example, if you have three IT resources for three installations of the target system, then three connection pools will be created, one for each target system installation.
See Setting Up the Lookup Definition for Connection Pooling for more information.
The connector supports reconciliation and provisioning operations across domains. This means that, for example, you can assign a user in one domain to a group in another domain. You can also reconcile a user record even if the user and the user's manager belong to different domains.
See Enabling Reconciliation and Provisioning Operations Across Multiple Domains for more information.
The connector can be configured to reconcile from and provision to user-defined object classes and their attributes. By default, the target system uses the user object class. The connector can be configured to accommodate user-defined object classes that you define on the target system.
See Configuring the Connector for User-Defined Object Classes for more information.
Depending upon your requirement, you can add new terminal profile fields for reconciliation and provisioning. See Adding Terminal Services Fields for Reconciliation and Provisioning for more information.
The connector supports any scripting language that has a script executor in the ICF. Currently, there are two script executor implementations: a Windows shell script executor (batch scripts) and a Boo script executor. Although Visual Basic scripts are not directly supported, a Visual Basic script can be called using a shell script.
See Action Scripts for more information.
The connector can be configured for compatibility with high-availability target system environments. It can read information about backup target system hosts from the BDCHostNames parameter of the Active Directory IT resource and apply this information when it is unable to connect to the primary host.
See Table 2–1 of Configuring the IT Resource for Microsoft AD and AD LDS for more information.
The following section discusses documentation-specific updates:
The following documentation-specific update has been made in revision "28" of release 11.1.1.6.0:
An additional step has been added to Adding a New Field on the Process Form to run the Form Upgrade Job.
The following documentation-specific update has been made in revision "27" of release 11.1.1.6.0:
A Note about configuring the .NET Connector Server has been added to Installing Microsoft Active Directory User Management Connector in Oracle Identity Manager.
The following documentation-specific update has been made in revision "26" of release 11.1.1.6.0:
Information about configuring the system to install and run the Connector Server has been modified in Frequently Asked Questions.
The following documentation-specific update has been made in revision "25" of release 11.1.1.6.0:
Descriptions for the "Incremental Recon Attribute" and "Latest Token" parameters in Table 3-3 and Table 3-4 have been updated.
The following documentation-specific update has been made in revision "24" of release 11.1.1.6.0:
The “Oracle Identity Governance or Oracle Identity Manager” row of the table in Certified Components for Microsoft Active Directory User Management Connector has been updated to include support for Oracle Identity Governance release 12c PS4 (12.2.1.4.0).
“Integrated Common Framework” has been corrected to “Identity Connector Framework” in Architecture of Microsoft Active Directory User Management Connector.
Step 6 has been added to Replicating Form Designer Changes to a New UI Form.
The “Target systems and target system host platforms” row of the table in Certified Components for Microsoft Active Directory User Management Connector has been updated to include support for Microsoft Windows Server 2016, 64-bit platform in the Requirement for Microsoft AD LDS or ADAM column.
Ensuring Microsoft Active Directory on Microsoft Windows Server 2003 is SSL Enabled
Ensuring Microsoft Active Directory on Microsoft Windows Server 2008 is SSL Enabled
Configuring the SSL IT Resource Parameter
Installing and Configuring the Connector server has been renamed as About the Connector Server.
Configuring SSL Between Connector Server and Microsoft Active Directory has been modified.
The following documentation-specific updates have been made in revision "21" of release 11.1.1.6.0:
The "Oracle Identity Manager" row of the table in Certified Components for Microsoft Active Directory User Management Connector has been renamed as "Oracle Identity Governance or Oracle Identity Manager" and also updated for Oracle Identity Governance 12c (12.2.1.3.0) certification.
The following documentation-specific updates have been made in revision "20" of release 11.1.1.6.0:
The “Target systems and target system host platforms” row of the table in Certified Components for Microsoft Active Directory User Management Connector has been updated to include support for Microsoft Windows Server 2016, 64-bit platform in the Requirement for Microsoft Active Directory column.
An issue related to the sAMAccountName attribute containing more than 20 characters has been added to Table 5-1.
The following documentation-specific update has been made in revision "19" of release 11.1.1.6.0:
All contents of Section 2.1.1.1, "Files and Directories On the Installation Media" have been moved to Appendix B, "Files and Directories on the Installation Media".
The following documentation-specific update has been made in revision "18" of release 11.1.1.6.0:
The "Connector Server" row of the table in Certified Components for Microsoft Active Directory User Management Connector has been updated.
The following documentation-specific update has been made in revision "17" of release 11.1.1.6.0:
A "Note" regarding the user account to be used while running the .NET Connector Server has been added to Installing and Configuring the Connector Server.
The following documentation-specific update has been made in revision "16" of release 11.1.1.6.0:
The "Microsoft .NET framework" row has been added to the table in Certified Components for Microsoft Active Directory User Management Connector.
The following documentation-specific updates have been made in revision "15" of release 11.1.1.6.0:
The following guideline has been removed from Guidelines on Configuring Reconciliation as the connector no longer uses the said format to delete users in Oracle Identity Manager:
Chapter 7, “Known Issues and Workarounds” has been removed.
The following documentation-specific updates have been made in revision "14" of release 11.1.1.6.0:
A note recommending not to configure the target system as both an authoritative (trusted) source and a managed (target) resource has been removed from About the Microsoft Active Directory User Management Connector.
A note regarding creating an IT resource when you have configured your target system as a trusted source has been added to Configuring the IT Resource for Microsoft AD and AD LDS.
The "IT Resource Name" of Table 3-4 has been updated.
Information regarding coexistence of Microsoft Active Directory User Management 9.x and 11.x connectors has been modified in Frequently Asked Questions.
The following documentation-specific updates have been made in revision "13" of release 11.1.1.6.0:
The "Oracle Identity Manager" row of the table in Certified Components for Microsoft Active Directory User Management Connector has been updated.
Information specific to Oracle Identity Manager 11g Release 2 PS3 (11.1.2.3.0) has been added to Usage Recommendation for the Microsoft Active Directory User Management Connector.
The following documentation-specific update has been made in revision "12" of release 11.1.1.6.0:
A "Note" has been added at the beginning of Extending the Functionality of the Microsoft Active Directory User Management Connector.
The following documentation-specific update has been made in revision "11" of release 11.1.1.6.0:
Troubleshooting the Microsoft Active Directory User Management Connector has been updated.
The following documentation-specific updates have been made in revision "10" of release 11.1.1.6.0:
The following tables have been updated by adding a "Description" column:
Appendix B, "Special Characters Supported for Passwords" has been removed as all special characters supported by the target system can be used in password fields.
The following documentation-specific updates have been made in the revision "9" of release 11.1.1.6.0:
The "Target systems and target system host platforms" row of the table in Certified Components for Microsoft Active Directory User Management Connector has been modified to include Windows Server 2012 R2.
Configuring Validation of Data During Reconciliation and Provisioning has been updated to remove the statement that the validation class must implement the oracle.iam.connectors.common.validate.Validator interface.
In Frequently Asked Questions, the recommended system configuration for the computer installing and running the Connector Server has been updated to include Windows Server 2012.
Setting Up the Lookup Definition for the Ignore Event API has been created.
The following documentation-specific updates have been made in the revision "8" of release 11.1.1.6.0:
The "Oracle Identity Manager" row of the table in Certified Components for Microsoft Active Directory User Management Connector has been modified to include Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0).
Information specific to Oracle Identity Manager 11g Release 2 PS2 (11.1.2.2.0) has been added to Step 5 of Localizing Field Labels in UI Forms.
Action Scripts has been updated.
Frequently Asked Questions has been updated.
The following documentation-specific updates have been made in earlier revisions of release 11.1.1.6.0:
The "Oracle Identity Manager" and "Target systems and target system host platforms" rows of the table in Certified Components for Microsoft Active Directory User Management Connector have been modified.
The "NativeGuidConvention" entry has been added to Table 1-4 and Table 1-5.
A note has been added in the "Files in the dataset directory" and "xml/ActiveDirectory-Datasets.xml" rows of Table 2–1.
A note has been added in the instructions specific to Microsoft AD LDS in Creating a Target System User Account for Connector Operations.
A guideline has been added to Guidelines on Performing Provisioning Operations.
The following sections have been modified:
Information about adding a boolean field has been added in Step 2.d of Adding Custom Fields for Target Resource Reconciliation.
A note about the boolean field has been added in Step 4.d of Adding Custom Fields for Provisioning.
The following sections have been added:
Usage Recommendation for the Microsoft Active Directory User Management Connector
Assigning Permissions to Perform Delete User Reconciliation Runs
Delegating Control for Organizational Units and Custom Object Classes
Performing Provisioning Operations in Oracle Identity Manager Release 11.1.2 or Later
Creating a Home Directory After User Create Provisioning Operation
Instructions specific to Oracle Identity Manager release 11.1.2.x have been added in the following sections:
A note has been added in the "DirectoryAdminName" row of Table 2–1, "Parameters of the Active Directory IT Resource for the Target System".
The following are the documentation-specific updates in release 11.1.1.5.0:
A note about details specific to the password reset provisioning operation has been added to Architecture of Microsoft Active Directory User Management Connector.
A note about installing a patch for .NET Framework 3.5 has been added to About the Connector Server.
Updated Installation to indicate that the connector must be installed both in Oracle Identity Manager and in the Connector Server. Removed Section 2.3.3, "Creating the IT Resource for the Connector Server" as part of this update.
Updated sample class and examples in Configuring Transformation of Data During Reconciliation, and removed appendixes C and D.
In Certified Components for Microsoft Active Directory User Management Connector, added the patch 14190610 as a requirement for Oracle Identity Manager.
In Adding New Multivalued Fields for Provisioning, removed the note indicating that the child table update operations are not supported by the connector.
A note about serverless binding has been added in the "LDAPHostName" row of Table 2–1, "Parameters of the Active Directory IT Resource for the Target System".
Configuring Log File Rotation has been added.
Limited Reconciliation has been modified.