...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
...
Introduction
This article describes the CoreOne system connector Microsoft Active Directory Connector.
...
Configurationsparameter
The following configuration parameters are available for the Microsoft Active Directory system connector:
Parameter | Mandatory field | Datatype | Description |
---|---|---|---|
Server | - | Text | Name of the Servers |
Domain name | ✅ | Text | IP address from the server or the FQDN e.g. |
Username | - | Text | User credentials on the server |
Password | - | Password | User credentials on the server |
Exchange Server | - | Text | IP address from the server or the FQDN e.g. 10.20.0.5 / test.verwaltung.example.ch |
Exchange SSL | - | Checkbox | Exchange SSL |
Exchange ShellUri | - | Text | Exchange ShellUri |
Exchange AppName | - | Text | Exchange AppName |
Exchange Authentication method | - | Drop Down: Default | The authentication method |
User must change password at next login | - | Checkbox | The user is prompted to change the password at the next login → This setting can be overwritten either by a password policy that is set on the target system or with the corresponding attribute on the identity provisioning configuration |
Ignore user deletion protection | - | Checkbox | Cancels the deletion protection from the user |
Ignore resources deletion protection | - | Checkbox | Unprotects the resources from deletion |
Create home directory | - | Checkbox | Creates a home directory |
Create profile directory | - | Checkbox | Creates a profile directory |
Delete home directory | - | Checkbox | Deletes the home directory |
Delete profile directory | - | Checkbox | Deletes the profile directory |
Update home directory | - | Checkbox | Updates the home directory |
Update profile directory | - | Checkbox | Updates the profile directory |
Display attributes for unmanaged identities | - | Text | Display attributes for unmanaged identities. This is the property that will be used to display an unmanaged identity within the CoreOne Suite. Use either |
Compatibility
The following target systems are supported:
Microsoft Active Directory 2008 |
Microsoft Active Directory 2008 R2 |
Microsoft Active Directory 2012 |
Microsoft Active Directory 2012 R2 |
Microsoft Active Directory 2016 |
Microsoft Active Directory 2019 |
Resources type
The following resource types are supported:
Groups
AD object | Description |
---|---|
Security Group | An Active Directory security group. |
Distribution Group | An Active Directory distribution group. |
AGDLP-Group | Creates and maintains various group objects in accordance with the AGDLP group concept (https://en.wikipedia.org/wiki/AGDLP ) |
Computer
Note |
---|
Deprecated |
AD Object | Description |
---|---|
Computer | Computer object |
Identity types
The following identity types are supported:
AD Object | Description |
---|---|
User | User object |
Contact | Contact object |
Identity
...
features
The following identity functions are supported:
Function (Task feature)System Connector task features | Supported |
createCreate/delete identities | ✅ |
provisioning Provisioning identities | ✅ |
update Update identities | ✅ |
provisioning Provisioning identity updates | ✅ |
deprovision identities |
|
check Deprovision identities | ✅ |
Cleanup of inactive identities active | ✅ |
Check password changed active | ✅ |
Resources
...
features
The following resource functions are supported:
Function (task feature)System Connector task features | Supported |
createCreate/delete resources | ✅ |
provision Provision resources | ✅ |
update Update resources | ✅ |
provisioning Provisioning resource changes | ✅ |
deprovisioning Deprovisioning resources | ✅ |
provisioning Provisioning resource allocations | ✅ |
deprovisioning Deprovisioning resource allocations | ✅ |
provisioning Provisioning resources-resource allocations | ✅ |
Deprovisioning resource resource allocations | ✅ |
Cleanup
...
features
The following cleanup functions are supported:
Function (task feature)System Connector task features | Supported | |
Is available in the target/actual (Soll-Ist) comparison log |
| |
Clean up target/actual (Soll-Ist) |
| |
Read back user account properties |
| |
Resource identity assignments Target system cleanup |
| |
Resource-resource assignments Target system cleanup | In the should-actual Log available | ✅ |
Should be - Actually is - cleanup | ✅ | |
Read back account properties | ✅ | |
Resource identity member target system clean up | ✅ | |
Resource resource member target system clean up | ✅ |