Browse By Tags

  • Unable to sync a multivalue column in Active directory from One Identity manager

    Hello Team,

    We have created a String type column and marked it as Multi-valued in ADSAccount table as we want to sync the column values in AD "Proxy Address" attribute which is a multi-valued. We are unable to sync the value in AD and neither we are able…

  • active directory group membership sync base on xOrigin


    Can anyone please help me out of the below requirement. 

    During the active directory group sync, I want to delete all the direct (Xorigin = 1) membership from 1IM if memberships are not present in AD however if memberships are indirect (xOrigin> 1)…

  • Active Directory Authentication not working


    We are trying to setup AD authentication following the guide:

    But, we don't want to disable the anonymous Authentication.

    And It is…

  • Why account definition is checked when Department is updated for any user?

    Hi Experts,

    I tried to update few attributes in AD for the user like firstname, lastname, description, department. I have noticed that with only department change the account definition is again checked for the user and accordingly the container of the…

  • Starling Connect extends your identity administration and governance capabilities to the cloud

    You already know the amazing capabilities of One Identity Active Roles and how it simplifies and centralizes provisioning and deprovisioning processes for your Active Directory and Azure Active Directory-controlled identities. You know that it provides…

  • AD Sync based on group membership assignment

    Hi Experts

    I am trying to achieve some sync task however not sure what is the best solution. the task is - 

    If any group membership missing in AD however the membership present in IAM, during the sync the action should be 

    • If the membership in Identity…
  • Configuring Samba Client on RHEL 7 to access a windows share


    I am relatively new to the Quest One Identity software . 

    I am working on configuring  Samba client on Red Hat Linux REHL 7  to access a windows share . 

    We have Quest One Idenity implemented (VAS 4.0) with PAM authentication from Active  directory. We…

  • ADS group update on getting failed when trying to update owner of the AD group to group type

    Hi Team,

    when trying to update the owner of AD group to AD Group we are getting below error.Please help

    ErrorMessages = (2019-07-16 15:10:53.297) Last action taken by target system provider was: Error executing script

  • Unable to disable AD accounts from One Identity Manager


    I am trying to get the status of the user from CSV file and setting "IsTemporaryDeactivated" as True. But when IsTemporaryDeactivated is set to True from csv, it is not able to update AD account. And when I directly change IsTemporaryDeactivated to…

  • Provisioning an unexpected value in attribute Mail of AD

    Hello experts,


    1IM is provisioning the “Mail” attribute of some AD accounts as blank (“”) when this should be Person.CCC_email and we cannot explain why this is happening despite Person.CCC_email being always filled.

    We have…

  • ARS background process

    Hi All,

    I just wanted to know what background process does ARS do to provision objects to AD. Is it LDAP or any scripts that it run in background.



  • Unable to create/update AD account due to password policy


    We are trying to create an account in AD. It creates the account in AD but while setting the password it throws below error

    Error executing user_password_Set on object CN=91005,OU=Offsite Contractors,OU=US Berwyn,OU=all users,DC=dfctest,DC=local …

  • Could not create account in Active Directory complaining on password policy

    Hi Experts 

    I am getting a password policy violation error while adding ADSAccount to the target.

    Please find the error below - 

    ErrorMessages () [1777018] Error executing synchronization project (Active Directory Domain )'s workflow (Provisioning).…

  • What is the way to add AD group membership to a disable person


    I have an requirement to assign two ads group to a disable person. 

    I have written a script to add the groupmembership (ADSAccountInADSGroup), It seems like it is not possible to add as user account is disable.

    It is complaining in xIsInEffect column…

  • Ad group not assigned

    Hello experts,

    (Ver 7.1.2)

    We have an active directory group that is not being assigned as we expected.


    We have a Service item published in the IT shop that has an Active directory group associated. Whenever an employee requests it and the approval workflow…

  • how to connect to admin tools using Active Directory password authentication?


    We are trying to connect to admin tools using "Active Directory Password" authentication and system type used is "SQL Server". Provided below values

    1. UserID : <Active Directory Domain>\<Username>

    2. Password : Password…

  • Active Directory Provisionning

    Hello Everyone, 

    Thanks in advance for your answers.

    I have a problem with the AD Provisionning (Target Synchronization).

    I don't know how to create a kind of CheckBox on "Create User Account" Form via Manager Application (also via Web Portal…

  • One Identity Manager - Active Directory Synchronisation

    Novice on the tool, I need help with the synchronization of the active directory and one identity manager.
    After installing, and trying to sync, the information on my active directory is not the same as that of one identity manager.

  • Virtual property for behavior


    I'm trying to add a virtual property to ADSAccount (user) to get the TSBBehavior ITDataUsage of an ADSAccount, with the intention of using the value in mapping conditions to control the rogue modification correction.

    I have added an Object Reference…

  • One Identity Bolsters Unix Security with New Release of Authentication Services


    • Customers can now enhance the security posture of their Unix environment by requiring two-factor authentication for Unix access and extending the security and administration of Microsoft Active Directory to additional environments with servers using…
  • Administrative Policy returned an error when adding user to ou group via Active Roles

    I received the following error when we try and provision a user to a specific group in AD. We use ARS in our implementation. Is this a fix we need to make on our side or does it relate to a permission on the AD side?

    Method ( (Update)) could not be executed…

  • Getting error in AD synchronization


    I am trying to run AD sync and in the configuration, I have One IM connection via App server (configured in synchronization editor in AD project). When I run the sync, application server throws below error

    2019-01-30 15:10:09.3725 ERROR (ObjectLog…

  • AD group membership not being applied to the target

    AD group membership when assigned directly, or through inheritance, is not assigned to the actual AD.

    In some cases, even the membership can be seen for the ADSAccount object, but it is not seen in AD.

    However, any changes to an AD account is immediately…

  • unable to login to Password Reset Portal using "Active Directory" authentication module


    I am trying to login to Password Reset web portal using "Active Directioy" (tried all combination of AD authentication modules) authentication module but in some cases it is throwing error user cannot be determined and for Active Directory (manual…