Browse By Tags

  • AS400 / AD integration


    We at JDA currently using Authentication services and integrated our Unix servers with AD.

    Now, we are also looking to integrate our AS400's / IBM i 7.3 servers to AD.

    Could any one please advise me which one of your solutions will help us in integrating…

  • AIX.5.3/VAS 3.5.2 and I broke a server

    I'm in way over my head.  My vas expert left the company.  I was moving some files from server to server in /etc/opt/quest/vas, and inadvertently copied everything in the folder to a different server.  As you probably guessed, this entirely broke the…

  • How can we have Active Directory account same privileges as Viadmin user


    We are using version 8.0 and we have a requirement where in we don't want to use system user credentials to log in to the tools and instead we want to use Active Directory account credentials. In order to achieve this, we need to have viadmin privileges…

  • One Identity: Globale Umfrage offenbart Bedeutung und Auswirkungen von „Pass the Hash“-Angriffen sowie die diesbezügliche Verunsicherung und hebt den Bedarf an Best Practices beim Privileged Access und Active Directory Management hervor

    • Die Umfrage unter mehr als 1.000 IT-Sicherheitsexperten offenbart die geschäftlichen Auswirkungen eines Angriffs mithilfe von gestohlenen Administrator-Anmeldedaten, auch unter dem Namen „Pass the Hash“-Angriff bekannt
    • Zwei von fünf…
  • Les entreprises françaises sont la cible de nombreuses cyberattaques de type « Pass-the-Hash »

    L’étude mondiale de One Identity met en lumière qu’au niveau mondial la gestion des accès à privilèges, et de l’Active Directory, au sein des entreprises reste sommaire au risque de laisser leur réseau entier exposé aux cybercriminels utilisant la technique…

  • You Can Live a Dual Life – Use Cases and Solutions for a Hybrid World

    Hannah Montana was right: you can have the best of both worlds. Though the late 2000s teen queen was singing about her secret double life as a high-flying pop star and a down-to-earth high school student, it turns out that that life goal now also applies…

  • Unable to delink Employee Record from an old AD account

    Hi Gurus,

    Fairly new here so please be kind with my terminologies. In our OIM, we have HR Personnel information coming from Oracle eBusiness Suite (EBS)

    A certain personnel was turned from Contractor to Full time employee, and hence a new AD account was…

  • Can Pauline Find Productivity without AD-Centered Identity Management?

    Which introductory experience do new hires to your organization get? Are they able to login on their first day and access all necessary resources to do their basic job? Or… are they temporarily assigned a left-over cubicle with no phone, computer or network…

  • Connection error occurs in AD processes


    Sometimes we face issue while executing AD processes or saving AD object and the error is "Connection to ADSDomain could not be detected". We then compile the database and restart the service, tools and then re execute the process and it…

  • Unable to sync a multivalue column in Active directory from One Identity manager

    Hello Team,

    We have created a String type column and marked it as Multi-valued in ADSAccount table as we want to sync the column values in AD "Proxy Address" attribute which is a multi-valued. We are unable to sync the value in AD and neither we are able…

  • active directory group membership sync base on xOrigin


    Can anyone please help me out of the below requirement. 

    During the active directory group sync, I want to delete all the direct (Xorigin = 1) membership from 1IM if memberships are not present in AD however if memberships are indirect (xOrigin> 1)…

  • Active Directory Authentication not working


    We are trying to setup AD authentication following the guide:

    But, we don't want to disable the anonymous Authentication.

    And It is…

  • Why account definition is checked when Department is updated for any user?

    Hi Experts,

    I tried to update few attributes in AD for the user like firstname, lastname, description, department. I have noticed that with only department change the account definition is again checked for the user and accordingly the container of the…

  • Starling Connect extends your identity administration and governance capabilities to the cloud

    You already know the amazing capabilities of One Identity Active Roles and how it simplifies and centralizes provisioning and deprovisioning processes for your Active Directory and Azure Active Directory-controlled identities. You know that it provides…

  • AD Sync based on group membership assignment

    Hi Experts

    I am trying to achieve some sync task however not sure what is the best solution. the task is - 

    If any group membership missing in AD however the membership present in IAM, during the sync the action should be 

    • If the membership in Identity…
  • Configuring Samba Client on RHEL 7 to access a windows share


    I am relatively new to the Quest One Identity software . 

    I am working on configuring  Samba client on Red Hat Linux REHL 7  to access a windows share . 

    We have Quest One Idenity implemented (VAS 4.0) with PAM authentication from Active  directory. We…

  • ADS group update on getting failed when trying to update owner of the AD group to group type

    Hi Team,

    when trying to update the owner of AD group to AD Group we are getting below error.Please help

    ErrorMessages = (2019-07-16 15:10:53.297) Last action taken by target system provider was: Error executing script

  • Unable to disable AD accounts from One Identity Manager


    I am trying to get the status of the user from CSV file and setting "IsTemporaryDeactivated" as True. But when IsTemporaryDeactivated is set to True from csv, it is not able to update AD account. And when I directly change IsTemporaryDeactivated to…

  • Provisioning an unexpected value in attribute Mail of AD

    Hello experts,


    1IM is provisioning the “Mail” attribute of some AD accounts as blank (“”) when this should be Person.CCC_email and we cannot explain why this is happening despite Person.CCC_email being always filled.

    We have…

  • ARS background process

    Hi All,

    I just wanted to know what background process does ARS do to provision objects to AD. Is it LDAP or any scripts that it run in background.



  • Unable to create/update AD account due to password policy


    We are trying to create an account in AD. It creates the account in AD but while setting the password it throws below error

    Error executing user_password_Set on object CN=91005,OU=Offsite Contractors,OU=US Berwyn,OU=all users,DC=dfctest,DC=local …

  • Could not create account in Active Directory complaining on password policy

    Hi Experts 

    I am getting a password policy violation error while adding ADSAccount to the target.

    Please find the error below - 

    ErrorMessages () [1777018] Error executing synchronization project (Active Directory Domain )'s workflow (Provisioning).…

  • What is the way to add AD group membership to a disable person


    I have an requirement to assign two ads group to a disable person. 

    I have written a script to add the groupmembership (ADSAccountInADSGroup), It seems like it is not possible to add as user account is disable.

    It is complaining in xIsInEffect column…

  • Ad group not assigned

    Hello experts,

    (Ver 7.1.2)

    We have an active directory group that is not being assigned as we expected.


    We have a Service item published in the IT shop that has an Active directory group associated. Whenever an employee requests it and the approval workflow…