How to provision a new AD account to a user using Roles

We are new to One Identity and trying to provision a new AD account by assigning a business role. Below is our approach:

1. Created a business role hierarchy as below:

           Business Role1 ----- Role Assignment (Account Definitions, Active Directory Groups, Employees, Resources)

                  SubRole1 --- Provide Account Definition for AD

                        SubRole2 ---- Provide access to AD group

2. Assigned the business role to the user

3. Account Definition got assigned to user

The account is not being provisioned in AD. We can see the user under "Employees without user accounts". We don't know what to do here or how to configure One Identity to provision and create the account in Active Directory.

Regards

Gurvinder Singh

  • Hi,

    As an initial step/test - try assigning your account definition to an Employee to confirm ADSAccount creation and that the provisioning processes.

    Are there any FROZEN jobs related to the ADSAccount Insert?  Has the job run at all?

    Does creating an ADSAccount, without an account definition work?

    Likely there is some issue you can identify from the job queue, i.e. a frozen job due to an error, or similar.

    Trevor

  • Thanks Trevor for the reply.

    The Account definition is already assigned to the user through the role.

    I saw a few frozen jobs, but they went to the FALSE state when retried.

    When we try the option "Linked but not assigned" and assign the ADSAccount to the user, the user gets successfully provisioned to Active Directory.

    Still not able to automatically create the user in AD via roles.

    Are we following the correct approach to automatically provision the AD account via roles?

    Regards

    Gurvinder Singh

  • You should check the error message from the frozen jobs, assuming that you still have them in the job history.

    A potential error could be that you are not creating a sufficient enough initial password for the users.
