Table of Contents

• List of Figures
• List of Tables
• Title and Copyright Information
• Preface
  • Audience
  • Documentation Accessibility
  • Related Documents
  • Conventions
• What's New In This Guide?
  • Software Updates
  • Documentation-Specific Updates
• 1 About the Microsoft Active Directory User Management Connector
  • Certified Components
  • Usage Recommendation
  • Certified Languages
  • Supported Connector Operations
  • Connector Architecture
  • Password Synchronization
  • Supported Connector Features Matrix
  • Connector Features
    • Full and Incremental Reconciliation
    • Limited Reconciliation
    • Batched Reconciliation
    • Reconciliation of Deleted Groups
    • Transformation and Validation of Account Data
    • Support for Connector Server
    • Connection Pooling
    • Support for Connector Operations Across Domains
    • Support for Adding the Group Name (pre-Windows 2000) Attribute
    • Support for Provisioning Groups of the Security Group - Universal Group Type
    • Support for Scripting Languages
    • Support for High-Availability Configuration of the Target System
• 2 Creating an Application By Using the Microsoft Active Directory User Management Connector
  • Process Flow for Creating an Application By Using the Connector
  • Prerequisites for Creating an Application By Using the Connector
    • Downloading the Connector Installation Package
    • Creating a Target System User Account for Connector Operations
      • Creating a User Account for Connector Operations in Microsoft Active Directory
      • Creating a User Account for Connector Operations in Microsoft AD LDS
    • Assigning Permissions to Perform Delete User Reconciliation Runs
    • Delegating Control for Organizational Units and Custom Object Classes
  • Installing the Microsoft Active Directory User Management Connector in the Connector Server
  • Creating an Application By Using the Connector
• 3 Configuring the Microsoft Active Directory User Management Connector
  • Basic Configuration Parameters
  • Advanced Settings Parameters
  • Attribute Mappings
    • Attribute Mappings for a Target Application
    • Attribute Mappings for an Authoritative Application
  • Correlation Rules for the Connector
    • Correlation Rules for a Target Application
    • Correlation Rules for an Authoritative Application
  • Reconciliation Jobs for the Connector
    • Reconciliation Jobs for a Target Application
    • Reconciliation Jobs for an Authoritative Application
• 4 Performing the Postconfiguration Tasks for the Microsoft Active Directory User Management Connector
  • Configuring Oracle Identity Governance
    • Creating and Activating a Sandbox
    • Creating a New UI Form
    • Publishing a Sandbox
    • Updating an Existing Application Instance with a New Form
  • Configuring the IT Resource for the Target System
  • Configuring the IT Resource for the Connector Server
  • Harvesting Entitlements and Sync Catalog
  • Enabling Logging for Microsoft Active Directory User Management Connector
    • Configuring Log File Rotation
  • Localizing Field Labels in UI Forms
  • Configuring the Connector for Provisioning Organizations
  • Enabling and Disabling the Passwords Must Meet Complexity Requirements Policy setting
  • Configuring SSL for Microsoft Active Directory and Microsoft AD LDS
    • Prerequisites
    • Configuring SSL Between Connector Server and Microsoft Active Directory
    • Configuring SSL Between Connector Server and Microsoft AD LDS
    • Configuring SSL Between Oracle Identity Governance and Connector Server
      • Exporting the Certificate
      • Configuring the Connector Server for SSL
      • Configuring Oracle Identity Governance for SSL
  • Setting Up the Lookup Definition for the Ignore Event API
    • Understanding the Ignore Event Disabled Entry
    • Adding the Ignore Event Disabled Entry
• 5 Using the Microsoft Active Directory User Management Connector
  • Guidelines on Using the Microsoft Active Directory User Management Connector
    • Guidelines on Configuring Reconciliation
    • Guidelines on Performing Provisioning Operations
  • Configuring Reconciliation
    • Performing Full Reconciliation and Incremental Reconciliation
    • Performing Limited Reconciliation
      • About Limited Reconciliation
      • Performing Limited Reconciliation By Using Filters
      • Performing Limited Reconciliation By Using the Search Base Attribute
    • Performing Batched Reconciliation
  • Scheduled Jobs for Lookup Field Synchronization
  • Configuring and Running Group Reconciliation
    • Reconciling Target System Groups into Individual Organizations
    • Reconciling Target System Groups a Single Organization
  • Configuring and Running Organization Reconciliation
  • Configuring Reconciliation Jobs
  • Performing Provisioning Operations
  • Connector Objects Used for Groups Management
    • Preconfigured Lookup Definitions for Group Operations
      • Lookup.ActiveDirectory.GM.Configuration
      • Lookup.ActiveDirectory.GM.ProvAttrMap
      • Lookup.ActiveDirectory.GM.ReconAttrMap
      • Lookup.ActiveDirectory.GM.ProvValidation
      • Lookup.ActiveDirectory.GM.ReconTransformation
      • Lookup.ActiveDirectory.GM.ReconValidation
      • Lookup.ActiveDirectory.GM.ReconAttrMap.Defaults
      • Lookup.ActiveDirectory.GroupTypes
    • Reconciliation Scheduled Jobs for Groups Management
      • Active Directory Group Recon
      • Active Directory Group Delete Recon
    • Reconciliation Rules and Action Rules for Groups Management
      • Reconciliation Rule for Groups
      • Reconciliation Action Rules for Groups
      • Viewing Reconciliation Rules
      • Viewing Reconciliation Action Rules
  • Connector Objects Used for Organizational Units Management
    • Preconfigured Lookup Definitions for Organizational Unit Operations
      • Lookup.ActiveDirectory.OM.Configuration
      • Lookup.ActiveDirectory.OM.Configuration.Trusted
      • Lookup.ActiveDirectory.OM.ProvAttrMap
      • Lookup.ActiveDirectory.OM.ReconAttrMap
      • Lookup.ActiveDirectory.OM.ProvValidation
      • Lookup.ActiveDirectory.OM.ReconTransformation
      • Lookup.ActiveDirectory.OM.ReconValidation
      • Lookup.ActiveDirectory.OM.ReconAttrMap.Trusted
      • Lookup.ActiveDirectory.OM.ReconAttrMap.Defaults
    • Reconciliation Scheduled Job for Organization Unit Management
    • Reconciliation Rules and Action Rules for Organizational Units Management
      • Reconciliation Rule for Organizational Units
      • Reconciliation Action Rules for Organizational Units
      • Viewing Reconciliation Rules
      • Viewing Reconciliation Action Rules
  • Uninstalling the Connector
• 6 Extending the Functionality of the Microsoft Active Directory User Management Connector
  • Adding Custom Fields for Target Resource Reconciliation
    • Adding Custom Fields for Target Resource Reconciliation of Users
    • Adding Custom Fields for Target Resource Reconciliation of Groups and Organizational Units
  • Adding New Multivalued Fields for Target Resource Reconciliation
    • Adding New Multivalued Fields for Target Resource Reconciliation of Users
    • Adding New Multivalued Fields for Target Resource Reconciliation of Groups and Organizational Units
  • Adding Custom Fields for Provisioning
    • Adding Custom Fields for Provisioning Users
    • Adding Custom Fields for Provisioning Groups and Organizational Units
      • Adding a New Field on the Process Form
      • Replicating Form Designer Changes to a New UI Form
      • Creating an Entry in the Provisioning Lookup Definition
      • Enabling Update Provisioning Operations on the Custom Field
      • Updating the Request Dataset
      • Clearing Content Related to Request Datasets from the Server Cache
      • Importing Request Datasets
  • Adding New Multivalued Fields for Provisioning
    • Adding New Multivalued Fields for Provisioning Users
    • Adding New Multivalued Fields for Provisioning Groups and Organizational Units
      • Creating an Entry in the Provisioning Lookup Definition
      • Enabling Update Provisioning Operations on the Multivalued Field
      • Updating the Request Dataset
      • Clearing Content Related to Request Datasets from the Server Cache
      • Importing Request Datasets
  • Adding Terminal Services Fields for Reconciliation and Provisioning
  • Adding the Group Name (pre-Windows 2000) Attribute
    • About the Group Name (pre-Windows 2000) Attribute
    • Adding the Group Name Pre Windows Field for Reconciliation
    • Adding the Group Name Pre Windows Field for Provisioning
      • Adding the Group Name Pre Windows Field
      • Updating the Lookup.ActiveDirectory.GM.ProvAttrMap Lookup Definition
      • Enabling Update Provisioning Operations on the Group Name Pre Windows Field
      • Updating Adapters
      • Updating the Request Dataset
      • Running the PurgeCache Utility
      • Importing the Request Dataset Definitions into MDS
  • Configuring Transformation and Validation Of Data
    • About Configuring Transformation and Validation of Data
    • Configuring Transformation of Data During Reconciliation for Groups and Organizational Units
    • Configuring Validation of Data During Reconciliation and Provisioning for Groups and Organizational Units
  • Action Scripts
    • Action Scripts for Users
      • About Configuring Action Scripts for Users
      • Running a Custom PowerShell Script for Users
      • Running Actions Using Visual Basic Scripts for Users
      • Important Notes on Running Actions Scripts for Users
      • Guidelines on Creating Scripts for Users
    • Action Scripts for Groups and Organizational Units
      • About Configuring Action Scripts for Groups and Organizational Units
      • Running a Custom PowerShell Script for Groups and Organizational Units
      • Running Actions Using Visual Basic Scripts for Groups and Organizational Units
      • Important Notes on Running Actions Scripts for Groups and Organizational Units
      • Guidelines on Creating Scripts for Groups and Organizational Units
  • Enabling Reconciliation and Provisioning Operations Across Multiple Domains
    • Understanding Enabling Reconciliation Across Multiple Domains
      • About Enabling Reconciliation Across Multiple Domains
      • Enabling Reconciliation Across Multiple Domains
    • Understanding Enabling Provisioning Across Multiple Domains
  • About Using the Connector for Multiple Trusted Source Reconciliation
  • Multiple Installations of the Target System
    • About Multiple Installations of the Target System
    • Configuring the Connector for Multiple Installations of the Target System
      • Configuring the Connector for Multiple Installations of the Target System while Upgrading from Oracle Identity Governance release 11.1.2.x to 12.2.1.3.0
      • Configuring the Connector for Multiple Installations of the Target System Using Application On-Boarding
  • Creating a Home Directory After User Create Provisioning Operation
  • Configuring the Connector for Provisioning Groups of the Security Group - Universal Group Type
• 7 Upgrading the Microsoft Active Directory User Management Connector
  • Preupgrade Steps
  • Upgrade Steps
  • Postupgrade Steps
    • Performing Postupgrade Steps
    • Determining Values For the FromVersion and ToVersion Attributes
    • Verifying If the Correct Process Form is Associated With the Resource Object
• 8 Troubleshooting the Microsoft Active Directory User Management Connector
• 9 Frequently Asked Questions
• A Character Lengths of Target System Fields and Process Form Fields
  • Fields with Different Lengths on the Target System and Process Form
  • Changing Process Form Field Lengths
• B Files and Directories in the Microsoft Active Directory User Management Connector Installation Package