Driver name

Default: Active Directory

My example: Active Directory

What do you want to call this driver? The default is “Active Directory”, but can be changed if necessary. For example, if you have multiple Active Directory implementations and you want to connect them all to eDirectory using Identity Manager, you might rename the driver to match the Active Directory tree.
Authentication method

Default: Negotiate

My Example: Negotiate

Negotiate: Use Microsoft Kerberos or NTLM for authentication.

Simple: Use LDAP style simple bind.

Authentication ID

(no default)

My example: example2/administrator

Provide Identity Manager with an account that has administrative rights to your Active Directory. If you use the “Negotiate” authentication method, use either an NT login name or a domain-qualified NT login name (Domain/Administrator).

If you opt for the Simple authentication method, provide the full LDAP distinguished name for an administrative user.

Authentication password

No default

Provide the password for the user specified in the "Authentication ID" field.
Authentication context

No default

My example: w2k3r2-ent-base.example2.com

Provide the DNS name for the Active Directory domain controller to use for authentication.
Domain name (LDAP format)

No default

My example: DC=example2,DC=com

Provide the LDAP qualified name of your Active Directory domain.
Domain DNS name

No default

My example: example.com

Enter the DNS name for your Active Directory domain.
Driver polling interval

Default: 1 minute

My example: 1 minute

Enter the number of minutes to delay before querying Active Directory for changes. A small number will increase the load on your Identity Manager and Active Directory servers.
Password sync timeout

Default: 5 minutes

My example: 5 minutes

Specify the number of minutes that the driver will attempt to sync a password before giving up.
Driver location

Default: Location

My example: Remote

Where will the driver run? On the Identity Manager system or elsewhere? The Active Directory driver always has to be remote when Identity Manager is installed on Open Enterprise Server.
Remote Host Name and Port

Default port: 8090

My example:
Host: 192.168.0.252
Port: 8090

On what IP address is the remote driver being loaded, and on what port is the service listening?
Driver password

No default

Provide a password that the remote loader will use to authenticate to Identity Manager.
Remote password

No default

What password do you want to use to manage the Remote Loader on the remote machine?
Base container in eDirectory

No default

My example: edir1 (the root)

Specify the base eDirectory container that Identity Manager will use for synchronization.
Publisher placement

Default: Mirrored

My example: Mirrored

Choose one of Flat or Mirrored.

Flat: Place Objects only in the container specified.

Mirrored: Use a hierarchical structure to place objects in the base container.

Base container in Active Directory

No default

My example: CN=Users,DC=example2,DC=com

Provide the full LDAP qualified name of the container in Active Directory that you wish to synchronize. I’m using the default “Users” container that you see in Active Directory Users and Computers.
Active Directory placement

Default: Mirrored

My example: Mirrored

Same as “Publisher Placement”, but for your Active Directory server.
Data flow

Options:

Bi-directional: Synchronize account changes in both directions

AD to Vault: Only synchronize from AD to eDirectory.

Vault to AD: Only synchronize eDirectory changes to AD.

Password failure notification user

No default

My example: None

Send a report to the specified user when a password update fails.
Configure entitlements

No default

My example: None

Among other tasks, entitlements help to manage user accounts and group memberships in Active Directory.
Exchange policy

Default: Implement in Policy

My example: None

Configure the driver to assign synchronized eDirectory user accounts to a specific information store.
Group membership policy

Default: Synchronize

My example: Synchronize

How should group membership be handled in Active Directory? Choose Synchronize to assign the user to groups based on group membership in the Identity Vault.
Name mapping policy selection

Default: Accept

My example: Accept

The driver’s default behavior is to map the Identity Vault “Full Name” attribute to the Active Directory object name and map the Active Directory pre-Windows 2000 logon name to the Identity Vault user name.

You can choose to accept this behavior, or you can develop your own manual method.

User Principal Name (Active Directory Logon Name) Mapping

Default: None

My example: Follow Identity Vault name

Choose one of the following:

None: Choose when you do not want to control userPrincipalName or when you want to implement your own policy.

Follow Active Directory e-mail address: Useful for Exchange environments, use AD’s email address attribute.

Follow Identity Vault e-mail address: Useful for GroupWise environments, use the vault’s e-mail address.

Follow Identity Vault name: Generate the value based on the user’s logon name.
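
Several of the settings above have to agree with each other (authentication method and Authentication ID format, LDAP domain name and DNS domain name, authentication context, Active Directory base container). The following pre-flight check is an added example, not part of Identity Manager or the original page; the dictionary keys and function names are hypothetical, and the sample values are modelled on the "My example" entries above.

```python
import re

def dn_to_dns(dn):
    """Join the DC= components of an LDAP DN into a DNS name.
    Assumes no escaped commas inside the DN."""
    parts = [p.strip() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()

def preflight(cfg):
    """Return a list of inconsistencies between the driver settings."""
    problems = []
    domain_dn = cfg["domain_ldap"].replace(" ", "").lower()
    domain = dn_to_dns(cfg["domain_ldap"])
    auth_is_dn = bool(re.search(r"(?i)(^|,)\s*dc=", cfg["auth_id"]))

    # Negotiate takes an NT login name; Simple takes a full LDAP DN.
    if cfg["auth_method"] == "Simple" and not auth_is_dn:
        problems.append("Simple bind needs a full LDAP DN as Authentication ID")
    if cfg["auth_method"] == "Negotiate" and auth_is_dn:
        problems.append("Negotiate expects an NT login name, not an LDAP DN")

    # The DNS domain name should be the DC= components of the LDAP name.
    if cfg["domain_dns"].lower() != domain:
        problems.append("Domain DNS name %r does not match %r (expected %r)"
                        % (cfg["domain_dns"], cfg["domain_ldap"], domain))

    # Heuristic: the domain controller normally lives in the domain's DNS zone.
    if not cfg["auth_context"].lower().endswith("." + domain):
        problems.append("Authentication context %r is outside %r"
                        % (cfg["auth_context"], domain))

    # The AD base container must sit inside the configured domain.
    base = cfg["ad_base"].replace(" ", "").lower()
    if base != domain_dn and not base.endswith("," + domain_dn):
        problems.append("AD base container %r is not under %r"
                        % (cfg["ad_base"], cfg["domain_ldap"]))
    return problems

# Sample values modelled on this page's examples.
PAGE_EXAMPLE = {
    "auth_method": "Negotiate",
    "auth_id": "example2/administrator",
    "auth_context": "w2k3r2-ent-base.example2.com",
    "domain_ldap": "DC=example2,DC=com",
    "domain_dns": "example.com",
    "ad_base": "CN=Users,DC=example2,DC=com",
}

if __name__ == "__main__":
    for line in preflight(PAGE_EXAMPLE) or ["settings are consistent"]:
        print(line)
```

Run against the sample values, the check reports that the Domain DNS name does not correspond to the LDAP domain name, which is the kind of mismatch that is easy to miss when typing the values into the wizard.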