• Getting error in AD synchornization to Update

    Hi,

    Getting error while running AD Synchronization to Update. Synchronization inserting to AD from one identity manger is fine.

    Error As follows

    [System.DirectoryServices.DirectoryServicesCOMException] There is no such object on the server.

    Regards,

  • Business role for active directory groups take a long time to add users

    Hello,

    Has anyone seen any issues with adding users to groups through a business role?

    We have a few that we need to add users to upon creation. It seems to take a good while before the users get added to the group.

    The business role is assigned but the…

  • Synchronization Person Table to Active Directory

    Hello, 

    I'm actually in the following case:

    When I create a user in the OiM WebPortal, the User is created in the Person Table in the DB. 

    How can I do to send this user created to the ADSAccount table? 

    I just want to automatically synchronize the user…

  • Automatic removal of ADSMachines from an ADSGroup

    I have design one custom request form on the IT shop where a user will provide hostname of his/her domain joined machine and custom process will add that machine in one Active Directory group. This is working perfectly fine!

    Now I have to create a custom…

  • Error creating ADSAccount with Account Definition

    Hi All,

    OneIM version it's 8.1

    We have the next problem creating the ADSAccounts with an Account Definition:

    ErrorMessages	(2020-05-29 12:05:31.517) [810023] Error during execution of statement: insert into QBMPwdHistory (DateInserted, HashValue,…

  • Mismatch AD versions

    Hi Experts

    Hope  you are doing well. We are using Identity Manager 8.0 and currently our Active directory version in our production environment is below –

    • Forest Functional Level (FFL) 2003
    • Domain Functional Level (DFL) 2008R2
    • OS 2008R2
    • Schema …
  • Is it a big risk if we have different schema version of AD in prod and pre-prod environment

    Hi Experts 

    We are using Identity manager version 8 and We have two AD one for Prod and another for non-prod. Both are align to same schema version that was 47

    However Recently there are some changes and non-prod AD upgraded to schema version of 87. If…

  • AD sync project doesn't dump all the accounts

    Hello everyone,

    I have created a sync project with an AD domain. I can dump the information into One Identity 8.1. The problem is that seems there is 400 accounts in the domain, however, I can only dump about 80 accounts into the system. I did not see…

  • Web Portal - AD Authentication for employees

    Dear fellow experts,

    Just need some pointers for my use case and I was hoping someone can point me in the right direction.

    I have Employees (Person Objects) who have ADSAccount linked to them. I would like them to authenticate to the Web Portal using…

  • Assigning AD group to Business Role via API

    Looking for information on assigning AD Groups to a Business Role via the API.

    I think I may have found the correct assignments table but I cannot seem to get it to work: OrgHasADSGroup

    I have tried using it both ways with Group / Role (Org Tree) like…

  • Single Employee attribute update from ADS Account for all employees.

    Hi,

    Quick question, If I need to update only one attribute (say DefaultEmailAddress of Person) from AD user object (mail) for all persons after an Active Directory Synchronization Run, do I just modify the script , or is there an OOTB approach for this…

  • Provision AD and Exchange from One Identity if DNS cannot resolve the domain

    Hello everyone, we recently upgraded our exchange from 2010 to 2016 in Production (Currently one IDM is connected to exchange 2010 and we have both exchange 2010 and 2016 in our production. However, soon they will decommission the 2010 version). I need…

  • AS400 / AD integration

    Team,

    We at JDA currently using Authentication services and integrated our Unix servers with AD.

    Now, we are also looking to integrate our AS400's / IBM i 7.3 servers to AD.

    Could any one please advise me which one of your solutions will help us in integrating…

  • How can we have Active Directory account same privileges as Viadmin user

    Hi,

    We are using version 8.0 and we have a requirement where in we don't want to use system user credentials to log in to the tools and instead we want to use Active Directory account credentials. In order to achieve this, we need to have viadmin privileges…

  • Unable to delink Employee Record from an old AD account

    Hi Gurus,

    Fairly new here so please be kind with my terminologies. In our OIM, we have HR Personnel information coming from Oracle eBusiness Suite (EBS)

    A certain personnel was turned from Contractor to Full time employee, and hence a new AD account was…

  • Connection error occurs in AD processes

    Hi,

    Sometimes we face issue while executing AD processes or saving AD object and the error is "Connection to ADSDomain could not be detected". We then compile the database and restart the service, tools and then re execute the process and it…

  • Unable to sync a multivalue column in Active directory from One Identity manager

    Hello Team,

    We have created a String type column and marked it as Multi-valued in ADSAccount table as we want to sync the column values in AD "Proxy Address" attribute which is a multi-valued. We are unable to sync the value in AD and neither we are able…

  • active directory group membership sync base on xOrigin

    Hi

    Can anyone please help me out of the below requirement. 

    During the active directory group sync, I want to delete all the direct (Xorigin = 1) membership from 1IM if memberships are not present in AD however if memberships are indirect (xOrigin> 1)…

  • Active Directory Authentication not working

    Hi,

    We are trying to setup AD authentication following the guide:

    https://support.oneidentity.com/identity-manager/kb/239053/sso-single-sign-on-is-not-working-for-the-web-portal

    But, we don't want to disable the anonymous Authentication.

    And It is…

  • Why account definition is checked when Department is updated for any user?

    Hi Experts,

    I tried to update few attributes in AD for the user like firstname, lastname, description, department. I have noticed that with only department change the account definition is again checked for the user and accordingly the container of the…

  • AD Sync based on group membership assignment

    Hi Experts

    I am trying to achieve some sync task however not sure what is the best solution. the task is - 

    If any group membership missing in AD however the membership present in IAM, during the sync the action should be 

    • If the membership in Identity…
  • ADS group update on getting failed when trying to update owner of the AD group to group type

    Hi Team,

    when trying to update the owner of AD group to AD Group we are getting below error.Please help

    ErrorMessages = (2019-07-16 15:10:53.297) Last action taken by target system provider was: Error executing script
    F:\ADUtils\ADSGroup-SetAllowWriteMembersKerberos…

  • Unable to disable AD accounts from One Identity Manager

    Hi,

    I am trying to get the status of the user from CSV file and setting "IsTemporaryDeactivated" as True. But when IsTemporaryDeactivated is set to True from csv, it is not able to update AD account. And when I directly change IsTemporaryDeactivated to…

  • Provisioning an unexpected value in attribute Mail of AD

    Hello experts,

     

    1IM is provisioning the “Mail” attribute of some AD accounts as blank (“”) when this should be Person.CCC_email and we cannot explain why this is happening despite Person.CCC_email being always filled.

    We have…