Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Introduction

This article describes the CoreOne system connector Microsoft Active Directory Connector.

...

Configurationsparameter

The following configuration parameters are available for the Microsoft Active Directory system connector:

Parameter

Mandatory field

Datatype

Description

Server

-

Text

Name of the Servers

Domain name

(tick)

Text

IP address from the server or the FQDN e.g.

Username

-

Text

User credentials on the server

Password

-

Password

User credentials on the server

Exchange Server

-

Text

IP address from the server or the FQDN e.g. 10.20.0.5 /  test.verwaltung.example.ch

Exchange SSL

-

Checkbox

Exchange SSL

Exchange ShellUri

-

Text

Exchange ShellUri

Exchange AppName

-

Text

Exchange AppName

Exchange Authentication method

-

Drop Down:

Default
Basic
Negotiate
NegotiateWithImplicitCredential
Credssp
Digest
Kerberos

The authentication method

User must change password at next login

-

Checkbox

The user is prompted to change the password at the next login

→ This setting can be overwritten either by a password policy that is set on the target system or with the corresponding attribute on the identity provisioning configuration

Ignore user deletion protection

-

Checkbox

Cancels the deletion protection from the user

Ignore resources deletion protection

-

Checkbox

Unprotects the resources from deletion

Create home directory

-

Checkbox

Creates a home directory

Create profile directory

-

Checkbox

Creates a profile directory

Delete home directory

-

Checkbox

 Deletes the home directory

Delete profile directory

-

Checkbox

Deletes the profile directory

Update home directory

-

Checkbox

Updates the home directory

Update profile directory

-

Checkbox

Updates the profile directory

Display attributes for unmanaged identities

-

Text

Display attributes for unmanaged identities. This is the property that will be used to display an unmanaged identity within the CoreOne Suite. Use either SamAccountName, DisplayName or any other meaningful Active Directory attribute.

Compatibility

The following target systems are supported:

Microsoft Active Directory 2008

Microsoft Active Directory 2008 R2

Microsoft Active Directory 2012

Microsoft Active Directory 2012 R2

Microsoft Active Directory 2016

Microsoft Active Directory 2019

Resources type

The following resource types are supported:

Groups

AD object

Description

Security Group

An Active Directory security group.

Distribution Group

An Active Directory distribution group.

AGDLP-Group

Creates and maintains various group objects in accordance with the AGDLP group concept (https://en.wikipedia.org/wiki/AGDLP )

Computer

Note

Deprecated

AD Object

Description

Computer

Computer object

Identity types

The following identity types are supported:

AD Object

Description

User

User object

Contact

Contact object

Identity

...

features

The following identity functions are supported:

Function (Task feature)System Connector task features

Supported

createCreate/delete identities

(tick)

provisioning Provisioning identities 

(tick)

update Update identities          

(tick)

provisioning Provisioning identity updates   

(tick)

deprovision identities  

(tick)

check Deprovision identities  

Cleanup of inactive identities active

Check password changed active

(tick)

Resources

...

features

The following resource functions are supported:

Function (task feature)System Connector task features

Supported

createCreate/delete resources

(tick)

provision Provision resources     

(tick)

update Update resources         

(tick)

provisioning Provisioning resource changes 

(tick)

deprovisioning Deprovisioning resources         

(tick)

provisioning Provisioning resource allocations         

(tick)

deprovisioning Deprovisioning resource allocations     

(tick)

provisioning Provisioning resources-resource allocations     

(tick)

Deprovisioning resource resource allocations   

(tick)

Cleanup

...

features

The following cleanup functions are supported:

Function (task feature)System Connector task features

Supported

Is available in the target/actual (Soll-Ist) comparison log          

(tick)

Clean up target/actual (Soll-Ist)

(tick)

Read back user account properties

(tick)

Resource identity assignments Target system cleanup  

(tick)

Resource-resource assignments Target system cleanup 

(tick) In the should-actual Log available    

Should be - Actually is - cleanup

Read back account properties

Resource identity member target system clean up

Resource resource member target system clean up