• AD Provisioning fails with: Unable to execute method (Insert object) for object (Xxxx) because not all mandatory properties are defined.

    My AD Account Provisioning has stopped working.  It always fails with the error "not all mandatory properties are defined".  It is complaining about "cn, objectClass, sAMAccountName".

    To eliminate moving parts, I go to the Sync Editor…

  • Unable to create synchronization project for connecting to Active Directory

    Hi,

    We are using version 8.1.3. We have integrated with one AD domain in One Identity Manager and now trying to integrate with another AD domain. We do not have direct  DB connectivity and it is via Application server. When we try to create AD project…

  • How to provision a new AD account to a user using Roles

    We are new to One Identity and trying to provision a new AD account by assigning a business role. Below is our approach:

    1. Created a business role hierarchy as below:

               Business Role1 ----- Role Assignment (Account Definitions, Active Directory Groups…

  • Not all OU in 1IM DB after Active Directory Syncronization (Missing some OUs)

    Hello! 

    1IM 8.1. SP2. 

    I created Sync Project Active Directory. 

    I did not change scopes or filters. 

    Not all OU inserted ADSContainer table after syncronization.

    Logs has not errors about OU. 

    In test enviroment with test AD all ok.

    Why it did?    

  • Delay in execution of Password Reset and Account Unlock operations

    Hello everyone. We have one custom script in the production which is performing password reset and account unlock operations on the domain. This script is called by an external application (IVR Solution) with AD SAMAccountName as input parameter and script…

  • Need to understand the traffic generation from AD connector and Native Database connector

    Hello,

    We are using version 8.1.3 and we are using AD connector and Native Database connector which has connectivity with One IM database via Application Server. This is our QA environment and there is no major activity going on between One IM database…

  • Getting error in AD synchornization to Update

    Hi,

    Getting error while running AD Synchronization to Update. Synchronization inserting to AD from one identity manger is fine.

    Error As follows

    [System.DirectoryServices.DirectoryServicesCOMException] There is no such object on the server.

    Regards,

  • Business role for active directory groups take a long time to add users

    Hello,

    Has anyone seen any issues with adding users to groups through a business role?

    We have a few that we need to add users to upon creation. It seems to take a good while before the users get added to the group.

    The business role is assigned but the…

  • Synchronization Person Table to Active Directory

    Hello, 

    I'm actually in the following case:

    When I create a user in the OiM WebPortal, the User is created in the Person Table in the DB. 

    How can I do to send this user created to the ADSAccount table? 

    I just want to automatically synchronize the user…

  • Automatic removal of ADSMachines from an ADSGroup

    I have design one custom request form on the IT shop where a user will provide hostname of his/her domain joined machine and custom process will add that machine in one Active Directory group. This is working perfectly fine!

    Now I have to create a custom…

  • Error creating ADSAccount with Account Definition

    Hi All,

    OneIM version it's 8.1

    We have the next problem creating the ADSAccounts with an Account Definition:

    ErrorMessages	(2020-05-29 12:05:31.517) [810023] Error during execution of statement: insert into QBMPwdHistory (DateInserted, HashValue,…

  • Mismatch AD versions

    Hi Experts

    Hope  you are doing well. We are using Identity Manager 8.0 and currently our Active directory version in our production environment is below –

    • Forest Functional Level (FFL) 2003
    • Domain Functional Level (DFL) 2008R2
    • OS 2008R2
    • Schema …
  • Is it a big risk if we have different schema version of AD in prod and pre-prod environment

    Hi Experts 

    We are using Identity manager version 8 and We have two AD one for Prod and another for non-prod. Both are align to same schema version that was 47

    However Recently there are some changes and non-prod AD upgraded to schema version of 87. If…

  • AD sync project doesn't dump all the accounts

    Hello everyone,

    I have created a sync project with an AD domain. I can dump the information into One Identity 8.1. The problem is that seems there is 400 accounts in the domain, however, I can only dump about 80 accounts into the system. I did not see…

  • Web Portal - AD Authentication for employees

    Dear fellow experts,

    Just need some pointers for my use case and I was hoping someone can point me in the right direction.

    I have Employees (Person Objects) who have ADSAccount linked to them. I would like them to authenticate to the Web Portal using…

  • Assigning AD group to Business Role via API

    Looking for information on assigning AD Groups to a Business Role via the API.

    I think I may have found the correct assignments table but I cannot seem to get it to work: OrgHasADSGroup

    I have tried using it both ways with Group / Role (Org Tree) like…

  • Single Employee attribute update from ADS Account for all employees.

    Hi,

    Quick question, If I need to update only one attribute (say DefaultEmailAddress of Person) from AD user object (mail) for all persons after an Active Directory Synchronization Run, do I just modify the script , or is there an OOTB approach for this…

  • Provision AD and Exchange from One Identity if DNS cannot resolve the domain

    Hello everyone, we recently upgraded our exchange from 2010 to 2016 in Production (Currently one IDM is connected to exchange 2010 and we have both exchange 2010 and 2016 in our production. However, soon they will decommission the 2010 version). I need…

  • AS400 / AD integration

    Team,

    We at JDA currently using Authentication services and integrated our Unix servers with AD.

    Now, we are also looking to integrate our AS400's / IBM i 7.3 servers to AD.

    Could any one please advise me which one of your solutions will help us in integrating…

  • How can we have Active Directory account same privileges as Viadmin user

    Hi,

    We are using version 8.0 and we have a requirement where in we don't want to use system user credentials to log in to the tools and instead we want to use Active Directory account credentials. In order to achieve this, we need to have viadmin privileges…

  • Unable to delink Employee Record from an old AD account

    Hi Gurus,

    Fairly new here so please be kind with my terminologies. In our OIM, we have HR Personnel information coming from Oracle eBusiness Suite (EBS)

    A certain personnel was turned from Contractor to Full time employee, and hence a new AD account was…

  • Connection error occurs in AD processes

    Hi,

    Sometimes we face issue while executing AD processes or saving AD object and the error is "Connection to ADSDomain could not be detected". We then compile the database and restart the service, tools and then re execute the process and it…

  • Unable to sync a multivalue column in Active directory from One Identity manager

    Hello Team,

    We have created a String type column and marked it as Multi-valued in ADSAccount table as we want to sync the column values in AD "Proxy Address" attribute which is a multi-valued. We are unable to sync the value in AD and neither we are able…

  • active directory group membership sync base on xOrigin

    Hi

    Can anyone please help me out of the below requirement. 

    During the active directory group sync, I want to delete all the direct (Xorigin = 1) membership from 1IM if memberships are not present in AD however if memberships are indirect (xOrigin> 1)…

  • Active Directory Authentication not working

    Hi,

    We are trying to setup AD authentication following the guide:

    https://support.oneidentity.com/identity-manager/kb/239053/sso-single-sign-on-is-not-working-for-the-web-portal

    But, we don't want to disable the anonymous Authentication.

    And It is…