Browse By Tags

  • Convert epoch time in Sync editor

    Hi

    I would like to get data about Expiry date from AD - parameter msDS-UserPasswordExpiryTimeComputed

    As I checked it is the same forma as AccountExpires parameter.

    Where I do not find solution is how can I create vrt property to transfer this number to…

  • Azure AD Questions

    Hi all,

    I am new to One Identity products and possibly looking at purchasing Active Roles to automate new user requests from Service Now but I have a few questions that i hope you can help me with:

    Environment

    We currently create users on our on premise…

  • Three Ways to Improve Password Security and Self-service for Your End Users

    For enhanced password security, organizations need a simple, highly secure and efficient way for users to reset forgotten passwords and unlock accounts on their own. As an IT Leader, you must implement strong password policies and eliminate risk of data…

  • AD Provisioning fails with: Unable to execute method (Insert object) for object (Xxxx) because not all mandatory properties are defined.

    My AD Account Provisioning has stopped working.  It always fails with the error "not all mandatory properties are defined".  It is complaining about "cn, objectClass, sAMAccountName".

    To eliminate moving parts, I go to the Sync Editor…

  • Unable to create synchronization project for connecting to Active Directory

    Hi,

    We are using version 8.1.3. We have integrated with one AD domain in One Identity Manager and now trying to integrate with another AD domain. We do not have direct  DB connectivity and it is via Application server. When we try to create AD project…

  • Achieve Zero Trust Even When Active Directory is in the Way

    After working with Active Directory for longer than I care to confess, the term ‘Zero Trust’ has bubbled up just about everywhere I look. For years, I ignored it, mostly because it sounds too good to be true. I assumed – as with some industry buzzwords…

  • How to provision a new AD account to a user using Roles

    We are new to One Identity and trying to provision a new AD account by assigning a business role. Below is our approach:

    1. Created a business role hierarchy as below:

               Business Role1 ----- Role Assignment (Account Definitions, Active Directory Groups…

  • Not all OU in 1IM DB after Active Directory Syncronization (Missing some OUs)

    Hello! 

    1IM 8.1. SP2. 

    I created Sync Project Active Directory. 

    I did not change scopes or filters. 

    Not all OU inserted ADSContainer table after syncronization.

    Logs has not errors about OU. 

    In test enviroment with test AD all ok.

    Why it did?    

  • Delay in execution of Password Reset and Account Unlock operations

    Hello everyone. We have one custom script in the production which is performing password reset and account unlock operations on the domain. This script is called by an external application (IVR Solution) with AD SAMAccountName as input parameter and script…

  • New-QADUser cmdlet Issue when logging the account creation event

    So when using the new-qaduser cmdlet, see below, The Event Log for event 4720 on the DC its connecting to to create the user account shows:

    Security ID: Domain\testing3
    Account Name: $2RG100-UU7PKQ1Q51GA
    Account Domain: Domain

    Attributes:
    SAM Account…

  • Secure Privileged Access in a Hybrid Active Directory World

    The ubiquitous use of Microsoft Active Directory (AD) and Azure AD in 95 percent of the global Fortune 1000 companies make it the primary target of cyberattacks. Now, as more and more organizations integrate their Privileged Access Management (PAM) into…

  • Need to understand the traffic generation from AD connector and Native Database connector

    Hello,

    We are using version 8.1.3 and we are using AD connector and Native Database connector which has connectivity with One IM database via Application Server. This is our QA environment and there is no major activity going on between One IM database…

  • Getting error in AD synchornization to Update

    Hi,

    Getting error while running AD Synchronization to Update. Synchronization inserting to AD from one identity manger is fine.

    Error As follows

    [System.DirectoryServices.DirectoryServicesCOMException] There is no such object on the server.

    Regards,

  • Business role for active directory groups take a long time to add users

    Hello,

    Has anyone seen any issues with adding users to groups through a business role?

    We have a few that we need to add users to upon creation. It seems to take a good while before the users get added to the group.

    The business role is assigned but the…

  • Synchronization Person Table to Active Directory

    Hello, 

    I'm actually in the following case:

    When I create a user in the OiM WebPortal, the User is created in the Person Table in the DB. 

    How can I do to send this user created to the ADSAccount table? 

    I just want to automatically synchronize the user…

  • Automatic removal of ADSMachines from an ADSGroup

    I have design one custom request form on the IT shop where a user will provide hostname of his/her domain joined machine and custom process will add that machine in one Active Directory group. This is working perfectly fine!

    Now I have to create a custom…

  • KuppingerCole Executive View on One Identity Active Roles

    With Microsoft Active Directory (AD) and Azure Active Directory (AAD) in 95 percent of Fortune 1000 organizations worldwide, the hybrid AD environment is a huge target for cyberattacks. It’s a challenge to manage and secure AD/AAD account lifecycle management…

  • ActiveRoles Management Shell for Active Directory version 1.6

    Hi team,

    I know that ActiveRoles Management Shell for Active Directory version 1.5 was last free version post that they have mentioned it should be commercial software but however no details on version 1.6 if it is free or commercial, because 1.7 mentioned…

  • Are we bouncing back or adjusting to a new way to work?

    As most companies and organizations adjusted to the abrupt change, I must admit that I missed some of the challenges they were facing. Our company, One Identity – which is a Quest Software business, was probably more prepared than most since a good portion…

  • Exchange Properties of users are not getting open for some users

    Hello,

    We are recently facing the issue on few users for whom we are not able to open exchange properties. Other tabs are working fine, but when we select exchange properties in ARS portal after opening user general properties, it takes time and finally…

  • Error creating ADSAccount with Account Definition

    Hi All,

    OneIM version it's 8.1

    We have the next problem creating the ADSAccounts with an Account Definition:

    ErrorMessages	(2020-05-29 12:05:31.517) [810023] Error during execution of statement: insert into QBMPwdHistory (DateInserted, HashValue,…

  • Welcome to My World – How to Easily Handle a Sudden Storm of Active Directory Provisioning Tasks

    This current global health crisis has created chaos and hardship for individuals, families, companies and governments. With events canceled or postponed, offices closed and personal routines put on hold, life as we previously knew it, quickly changed…

  • Mismatch AD versions

    Hi Experts

    Hope  you are doing well. We are using Identity Manager 8.0 and currently our Active directory version in our production environment is below –

    • Forest Functional Level (FFL) 2003
    • Domain Functional Level (DFL) 2008R2
    • OS 2008R2
    • Schema …
  • Is it a big risk if we have different schema version of AD in prod and pre-prod environment

    Hi Experts 

    We are using Identity manager version 8 and We have two AD one for Prod and another for non-prod. Both are align to same schema version that was 47

    However Recently there are some changes and non-prod AD upgraded to schema version of 87. If…

  • AD sync project doesn't dump all the accounts

    Hello everyone,

    I have created a sync project with an AD domain. I can dump the information into One Identity 8.1. The problem is that seems there is 400 accounts in the domain, however, I can only dump about 80 accounts into the system. I did not see…