Hi!
I would appreciate your help with:
1. Is there a way to create a container based on Department for a specific domain and assign a user? I tried using Synchronization Editor but only what it removed existing containers
2. When creating a user, a mail…

Hello,

I'm trying to provision a hierarchical structure of OUs to AD. One of the problems I have is that in OIM I've created, at the same hierarchical level, multiple OUs with the same name. This seems to be allowed in OIM, but not allowed in AD; and…

Hi Team,

I have set-up birth right AD group at root location so all users who are on-boarded getting added to that group but while applying the setting AD group was added to all inactive users as well.

How can we limit this to only active users?

We received a hint from our colleagues, who administrate the Active Directory, that we can exclude user objects, which have the value 2048 in the attribute userAccountControl.

We have done first tests with our own schema class - in our opinion this worked…

Hello!

1IM 8.1 SP2.

We try create synchronization project for Active Directory. DC Active Directory is place in DMZ.

We have opened on DC only ldap(s) – 389 (ldap), 636 (ldaps), 88 (Kerberos), 53 (DNS) ports. In process loading schema we have crush report…

I have AD groups assigned to Department with inheritance - how to assign this groups only to employees in this department which meet the condition?

Hello Dears,

I am integrating Active Directory with One identity Manager.

When I create a synchronization project through synchronization editor I am facing the following error

"ADSDomain: The following fields are compulsory and need to be filled: Forest…

Hi all, I have a sets of user and I added a license on their department all user where to sync properly into AD but among them there is one user who does does not sync into the ad properly when I check the AD it is missing the License. I am currently…

Hi again, I have a problem regarding the deactivating an  Active Directory account. It appears that the account is already INACTIVE in One Identity but still active on ACTIVE DIRECTORY.

Hi

I would like to get data about Expiry date from AD - parameter msDS-UserPasswordExpiryTimeComputed

As I checked it is the same forma as AccountExpires parameter.

Where I do not find solution is how can I create vrt property to transfer this number to…

My AD Account Provisioning has stopped working.  It always fails with the error "not all mandatory properties are defined".  It is complaining about "cn, objectClass, sAMAccountName".

To eliminate moving parts, I go to the Sync Editor…

Hello! 

1IM 8.1. SP2. 

I created Sync Project Active Directory. 

I did not change scopes or filters. 

Not all OU inserted ADSContainer table after syncronization.

Logs has not errors about OU. 

In test enviroment with test AD all ok.

Why it did?    

Hello, 

I'm actually in the following case:

When I create a user in the OiM WebPortal, the User is created in the Person Table in the DB. 

How can I do to send this user created to the ADSAccount table? 

I just want to automatically synchronize the user…

I have design one custom request form on the IT shop where a user will provide hostname of his/her domain joined machine and custom process will add that machine in one Active Directory group. This is working perfectly fine!

Now I have to create a custom…

Dear fellow experts,

Just need some pointers for my use case and I was hoping someone can point me in the right direction.

I have Employees (Person Objects) who have ADSAccount linked to them. I would like them to authenticate to the Web Portal using…

Hi,

Sometimes we face issue while executing AD processes or saving AD object and the error is "Connection to ADSDomain could not be detected". We then compile the database and restart the service, tools and then re execute the process and it…

Hello Team,

We have created a String type column and marked it as Multi-valued in ADSAccount table as we want to sync the column values in AD "Proxy Address" attribute which is a multi-valued. We are unable to sync the value in AD and neither we are able…

Hi Experts,

I tried to update few attributes in AD for the user like firstname, lastname, description, department. I have noticed that with only department change the account definition is again checked for the user and accordingly the container of the…

Hello Everyone, 

Thanks in advance for your answers.

I have a problem with the AD Provisionning (Target Synchronization).

I don't know how to create a kind of CheckBox on "Create User Account" Form via Manager Application (also via Web Portal…

Hello,

I'm having a hard time understanding the way the attribute proxyAddresses and targetAddress are provisioned in Active Directory and Exchange sync projects in v8.

I have two main issues:

- in v6 there was a attribute ADSAccount.TARGET_Address…

Hi Experts,

We are receiving below error whenever we are executing initial AD sync.

<x><w>2018-06-21 10:08:07 +00:00 - Warning: Starting queue \RemoteJobServer.<x>
<p>2018-06-21 10:11:07 +00:00 - \RemoteJobServer - Process step parameter…

Hi All,

We have installed PCA on AD as per PCA guide. We have provided all required permission but still receiving error in log for password change.

From WebService-Script:
Certificate to decrypt was found, but the current user does not have enough permissions…

Hello,

for ADS synchronization, I have created a custom virtual attribute of type 'object reference'. This attribute contains the short name of the account owner's department (UID_Person.UID_Department.ShortName). The field 'Department' is used for…