Hi OneID comunity,

I recently fired up my demo environment and the password was expired of the viadmin account when trying to setup a new password i got the following error: 
"Password policy processing failed. An Active Directory user account is required…

I have a custom target system whose groups we would like to manage through AD. The custom target system is already script synchronized (so CCC_UnsAccountBInUnsGroupB_<name>_Add and CCC_UnsAccountBInUnsGroupB_<name>_Del are already implemented).…

I have set up a custom target system so that the account definition is tied to several business roles, so that certain Persons are automatically assigned an account based on this.

My question is, how do I tie an AD group to this account definition/account…

Hi Experts

I am trying to achieve some sync task however not sure what is the best solution. the task is - 

If any group membership missing in AD however the membership present in IAM, during the sync the action should be 

• If the membership in Identity…

Hello experts,

(Ver 7.1.2)

We have an active directory group that is not being assigned as we expected.

We have a Service item published in the IT shop that has an Active directory group associated. Whenever an employee requests it and the approval workflow…

I tried to implement business role based AD group assignment via One IDM.

Though users are getting added, users who are no longer having the role are not being removed from the AD group in One IDM.

AD group membership when assigned directly, or through inheritance, is not assigned to the actual AD.

In some cases, even the membership can be seen for the ADSAccount object, but it is not seen in AD.

However, any changes to an AD account is immediately…

We have using One Idm version 7.1,We have a situation like ,Groups are getting removed by One idm service account in AD if there  groups added directly in AD before.Is it becuase of One IDm version 7.1 bug or not enabling the option "Enable Merging"…

I have 5 location based AD attribute and i connected all these to particular location.When a new user came under that location they will get that Groups.

But unfortunately one DA group is not coming under identity .All other groups are assigning properly…

 Hi,

What is the easiest way to manage AD Group membership from the Web Portal? Should we use application Role?

I thought having "group owner" for the AD group was enough, but does not seem like it. 

I created application role with the permission…

I am trying to write a script (or can use process step) that will remove all of a person's AD group memberships when an attribute changes.  The script I wrote identifies the correct groups but just running a delete on the ADSAccountinADSGroup record…