Browse By Tags

  • ADSDOMAIN: The following fields are compulsory and need to be filled: Forest

    Hello Dears,

    I am integrating Active Directory with One identity Manager.

    When I create a synchronization project through synchronization editor I am facing the following error

    "ADSDomain: The following fields are compulsory and need to be filled: Forest…

  • Doubt regarding outstanding ADSaccount objects

    Hi Fellow Experts,

    Hope everyone is doing well.

    A quick question, I'll be apply a scope filter to only sync 1 OU (at target system side) in synchronization project which will make 95% of the objects Outstanding.

    Now, will deleting the Outstanding…

  • Extract Secondary owners from Security Groups

    Hi All,

    I need powershell script to find out secondary owners from all the security groups in my domain. I searched for few blogs and found some suggestion about report but i need script/Powershell to find out the same. 

    We have thousand groups and for…

  • Read Target group's managers and send mail to email attribute value defined in other domain

    Hi ,

    We have Domain A and Domain B in ARS. Domain A and Domain B users are in sync. Domain A does not have email attribute or incorrect email attribute but corresponding user in domain B has correct email attribute. we have security groups in domain A…

  • Active Directory Service Account

    Hi, what would be the best practice for the number of AD Service Account to be used. So, in Safeguard, there are 2 parts which would require AD service account, onboarding Active Directory Asset and Configuring AD in Identity and Authentication. With…

  • Active Roles 7.4.4 Capabilities


    We are looking to automate our current joiners, movers and leavers process and believe that this can be achieved using the latest version of AR. 

    We would like to setup AR integration with ServiceNow and then create the following workflows in its…

  • Alternative of Email attribute

    Hi All,

    when we add approvers for group membership additions in Active role. it will trigger email to Primary/Secondary owners to that group for approval. Probably when we add Primary/Secondary owners to groups it automatically read their email attribute…

  • Fetch Todays System date In Web Designer. By Default.

    Hi Everyone,

    We have a requirement while creating a new contractor manually from the IT shop, Joining Date should be automatically populated as the current date,
    so that users cannot select the previous date, and in the case of leaving date, past dates…

  • Report of all users for Proxyaddress attribute


    I need Proxyaddress attribute of all users in domain. Since there are multiple values available in this attribute i need either to get each attribute separately in column or search users with one particular value only. for an example i need all users…

  • One Identity Resilience: New Name, New Priorities, New Level of Strength & Unity

    United in our resilience.

    We stood together, Customers, Partners and One Identity, united in a common cause. We stood arm-in-arm alongside our fellows and have recently faced one of the biggest challenges the globe has thrown at us in modern times. Not…

  • Active Directory schema update doesnt show new attribute

    After creating synch project with AD, there was added new attribute (in AD).

    Schema update in synch editor doesnt help to see this attribute

    If I create new synch project with AD this attribute is present.

    Any way to update schema in created synch project…

  • 1 user license does not sync properly into AD

    Hi all, I have a sets of user and I added a license on their department all user where to sync properly into AD but among them there is one user who does does not sync into the ad properly when I check the AD it is missing the License. I am currently…

  • INACTIVE account in One identity but still ACTIVE in active directory

    Hi again, I have a problem regarding the deactivating an  Active Directory account. It appears that the account is already INACTIVE in One Identity but still active on ACTIVE DIRECTORY.

  • Create ADSContainer from Departments automatically

    Is it possible to create missing ADSContainers from Departments structure automatically?

  • 10 Best Practices to Secure Active Directory – From Real Users of One Identity Active Roles

    Account Lifecycle Management programs have transformed since the pandemic, and we heard from IT thought leaders and real users that they must make great strides to increase Active Directory (AD) security and efficiency to handle the digital transformation…

  • HRIS User Attribute and AD Group Mapping?

    Hello – we are currently running OneIM 8.1.3 and have our HRIS system successfully sending user data into our DB and sync’d with Active Directory.  We recently ran across a use case that requires that; A User from our HRIS system with a Sub…

  • 2020 Tech Hangover Recovery - Expert Panelists Provide Informed Insights to Reinforce and Secure

    What does the future of security hold? Is Zero Trust a real thing? Is a secure environment achievable for organizations, especially with the aftershocks from 2020? In this on-demand webcast, Cure the 2020 Tech Hangover, our lively panel of experts address…

  • Convert epoch time in Sync editor


    I would like to get data about Expiry date from AD - parameter msDS-UserPasswordExpiryTimeComputed

    As I checked it is the same forma as AccountExpires parameter.

    Where I do not find solution is how can I create vrt property to transfer this number to…

  • Azure AD Questions

    Hi all,

    I am new to One Identity products and possibly looking at purchasing Active Roles to automate new user requests from Service Now but I have a few questions that i hope you can help me with:


    We currently create users on our on premise…

  • Three Ways to Improve Password Security and Self-service for Your End Users

    For enhanced password security, organizations need a simple, highly secure and efficient way for users to reset forgotten passwords and unlock accounts on their own. As an IT Leader, you must implement strong password policies and eliminate risk of data…

  • AD Provisioning fails with: Unable to execute method (Insert object) for object (Xxxx) because not all mandatory properties are defined.

    My AD Account Provisioning has stopped working.  It always fails with the error "not all mandatory properties are defined".  It is complaining about "cn, objectClass, sAMAccountName".

    To eliminate moving parts, I go to the Sync Editor…

  • Unable to create synchronization project for connecting to Active Directory


    We are using version 8.1.3. We have integrated with one AD domain in One Identity Manager and now trying to integrate with another AD domain. We do not have direct  DB connectivity and it is via Application server. When we try to create AD project…

  • Achieve Zero Trust Even When Active Directory is in the Way

    After working with Active Directory for longer than I care to confess, the term ‘Zero Trust’ has bubbled up just about everywhere I look. For years, I ignored it, mostly because it sounds too good to be true. I assumed – as with some industry buzzwords…

  • How to provision a new AD account to a user using Roles

    We are new to One Identity and trying to provision a new AD account by assigning a business role. Below is our approach:

    1. Created a business role hierarchy as below:

               Business Role1 ----- Role Assignment (Account Definitions, Active Directory Groups…

  • Not all OU in 1IM DB after Active Directory Syncronization (Missing some OUs)


    1IM 8.1. SP2. 

    I created Sync Project Active Directory. 

    I did not change scopes or filters. 

    Not all OU inserted ADSContainer table after syncronization.

    Logs has not errors about OU. 

    In test enviroment with test AD all ok.

    Why it did?