Table of Contents
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- What's New In This Guide?
-
1
About the Microsoft Active Directory User Management Connector
- 1.1 Certified Components
- 1.2 Usage Recommendation
- 1.3 Certified Languages
- 1.4 Supported Connector Operations
- 1.5 Connector Architecture
- 1.6 Password Synchronization
- 1.7 Supported Connector Features Matrix
-
1.8
Connector Features
- 1.8.1 Full and Incremental Reconciliation
- 1.8.2 Limited Reconciliation
- 1.8.3 Batched Reconciliation
- 1.8.4 Reconciliation of Deleted Groups
- 1.8.5 Transformation and Validation of Account Data
- 1.8.6 Support for Connector Server
- 1.8.7 Connection Pooling
- 1.8.8 Support for Connector Operations Across Domains
- 1.8.9 Support for Adding the Group Name (pre-Windows 2000) Attribute
- 1.8.10 Support for Provisioning Groups of the Security Group - Universal Group Type
- 1.8.11 Support for Scripting Languages
- 1.8.12 Support for High-Availability Configuration of the Target System
-
2
Creating an Application By Using the Microsoft Active Directory User Management Connector
- 2.1 Process Flow for Creating an Application By Using the Connector
- 2.2 Prerequisites for Creating an Application By Using the Connector
- 2.3 Installing the Microsoft Active Directory User Management Connector in the Connector Server
- 2.4 Creating an Application By Using the Connector
- 3 Configuring the Microsoft Active Directory User Management Connector
-
4
Performing the Postconfiguration Tasks for the Microsoft Active Directory User Management Connector
- 4.1 Configuring Oracle Identity Governance
- 4.2 Configuring the IT Resource for the Target System
- 4.3 Configuring the IT Resource for the Connector Server
- 4.4 Harvesting Entitlements and Sync Catalog
- 4.5 Enabling Logging for Microsoft Active Directory User Management Connector
- 4.6 Localizing Field Labels in UI Forms
- 4.7 Configuring the Connector for Provisioning Organizations
- 4.8 Enabling and Disabling the Passwords Must Meet Complexity Requirements Policy setting
- 4.9 Configuring SSL for Microsoft Active Directory and Microsoft AD LDS
- 4.10 Setting Up the Lookup Definition for the Ignore Event API
-
5
Using the Microsoft Active Directory User Management Connector
- 5.1 Guidelines on Using the Microsoft Active Directory User Management Connector
- 5.2 Configuring Reconciliation
- 5.3 Scheduled Jobs for Lookup Field Synchronization
- 5.4 Configuring and Running Group Reconciliation
- 5.5 Configuring and Running Organization Reconciliation
- 5.6 Configuring Reconciliation Jobs
- 5.7 Performing Provisioning Operations
-
5.8
Connector Objects Used for Groups Management
-
5.8.1
Preconfigured Lookup Definitions for Group Operations
- 5.8.1.1 Lookup.ActiveDirectory.GM.Configuration
- 5.8.1.2 Lookup.ActiveDirectory.GM.ProvAttrMap
- 5.8.1.3 Lookup.ActiveDirectory.GM.ReconAttrMap
- 5.8.1.4 Lookup.ActiveDirectory.GM.ProvValidation
- 5.8.1.5 Lookup.ActiveDirectory.GM.ReconTransformation
- 5.8.1.6 Lookup.ActiveDirectory.GM.ReconValidation
- 5.8.1.7 Lookup.ActiveDirectory.GM.ReconAttrMap.Defaults
- 5.8.1.8 Lookup.ActiveDirectory.GroupTypes
- 5.8.2 Reconciliation Scheduled Jobs for Groups Management
- 5.8.3 Reconciliation Rules and Action Rules for Groups Management
-
5.8.1
Preconfigured Lookup Definitions for Group Operations
-
5.9
Connector Objects Used for Organizational Units Management
-
5.9.1
Preconfigured Lookup Definitions for Organizational Unit Operations
- 5.9.1.1 Lookup.ActiveDirectory.OM.Configuration
- 5.9.1.2 Lookup.ActiveDirectory.OM.Configuration.Trusted
- 5.9.1.3 Lookup.ActiveDirectory.OM.ProvAttrMap
- 5.9.1.4 Lookup.ActiveDirectory.OM.ReconAttrMap
- 5.9.1.5 Lookup.ActiveDirectory.OM.ProvValidation
- 5.9.1.6 Lookup.ActiveDirectory.OM.ReconTransformation
- 5.9.1.7 Lookup.ActiveDirectory.OM.ReconValidation
- 5.9.1.8 Lookup.ActiveDirectory.OM.ReconAttrMap.Trusted
- 5.9.1.9 Lookup.ActiveDirectory.OM.ReconAttrMap.Defaults
- 5.9.2 Reconciliation Scheduled Job for Organization Unit Management
- 5.9.3 Reconciliation Rules and Action Rules for Organizational Units Management
-
5.9.1
Preconfigured Lookup Definitions for Organizational Unit Operations
- 5.10 Uninstalling the Connector
-
6
Extending the Functionality of the Microsoft Active Directory User Management Connector
- 6.1 Adding Custom Fields for Target Resource Reconciliation
- 6.2 Adding New Multivalued Fields for Target Resource Reconciliation
-
6.3
Adding Custom Fields for Provisioning
- 6.3.1 Adding Custom Fields for Provisioning Users
-
6.3.2
Adding Custom Fields for Provisioning Groups and Organizational Units
- 6.3.2.1 Adding a New Field on the Process Form
- 6.3.2.2 Replicating Form Designer Changes to a New UI Form
- 6.3.2.3 Creating an Entry in the Provisioning Lookup Definition
- 6.3.2.4 Enabling Update Provisioning Operations on the Custom Field
- 6.3.2.5 Updating the Request Dataset
- 6.3.2.6 Clearing Content Related to Request Datasets from the Server Cache
- 6.3.2.7 Importing Request Datasets
- 6.4 Adding New Multivalued Fields for Provisioning
- 6.5 Adding Terminal Services Fields for Reconciliation and Provisioning
-
6.6
Adding the Group Name (pre-Windows 2000) Attribute
- 6.6.1 About the Group Name (pre-Windows 2000) Attribute
- 6.6.2 Adding the Group Name Pre Windows Field for Reconciliation
-
6.6.3
Adding the Group Name Pre Windows Field for Provisioning
- 6.6.3.1 Adding the Group Name Pre Windows Field
- 6.6.3.2 Updating the Lookup.ActiveDirectory.GM.ProvAttrMap Lookup Definition
- 6.6.3.3 Enabling Update Provisioning Operations on the Group Name Pre Windows Field
- 6.6.3.4 Updating Adapters
- 6.6.3.5 Updating the Request Dataset
- 6.6.3.6 Running the PurgeCache Utility
- 6.6.3.7 Importing the Request Dataset Definitions into MDS
- 6.7 Configuring Transformation and Validation Of Data
-
6.8
Action Scripts
- 6.8.1 Action Scripts for Users
-
6.8.2
Action Scripts for Groups and Organizational Units
- 6.8.2.1 About Configuring Action Scripts for Groups and Organizational Units
- 6.8.2.2 Running a Custom PowerShell Script for Groups and Organizational Units
- 6.8.2.3 Running Actions Using Visual Basic Scripts for Groups and Organizational Units
- 6.8.2.4 Important Notes on Running Actions Scripts for Groups and Organizational Units
- 6.8.2.5 Guidelines on Creating Scripts for Groups and Organizational Units
- 6.9 Enabling Reconciliation and Provisioning Operations Across Multiple Domains
- 6.10 About Using the Connector for Multiple Trusted Source Reconciliation
- 6.11 Multiple Installations of the Target System
- 6.12 Creating a Home Directory After User Create Provisioning Operation
- 6.13 Configuring the Connector for Provisioning Groups of the Security Group - Universal Group Type
- 7 Upgrading the Microsoft Active Directory User Management Connector
- 8 Troubleshooting the Microsoft Active Directory User Management Connector
- 9 Frequently Asked Questions
- A Character Lengths of Target System Fields and Process Form Fields
- B Files and Directories in the Microsoft Active Directory User Management Connector Installation Package