  • Password Reset Issue While Switching Remote Loader.

    Hello. We have three Remote Loader (RL) servers installed across three sites, with each RL connected to the respective site’s IDM and AD. Currently, one RL is in an active state, while the others are stopped. We are encountering issues when switching…
  • Migrate into IDVault issue - Identity console

    Hi, We have IDM 4.8.7 SP1. We have Identity Console 1.7 installed on the server. There is an issue with a user object in IDM. Few attributes in IDM are not set. These attributes are set based on the attribute values from AD. For example: The mail…
  • User CN provisioned with underscore ie cn=1_5,ou=users

    We have experienced an issue in the last two weeks that we have never seen before: a user is provisioned with two CN identifiers. For example, a user is created and the CN is 1_5 and also JDOE. This is causing issues with Office 365. This behavior is new…
  • Password from AD not synchronized or even listened on IDM

    Hi. We're having an issue with the AD RemoteLoader/Driver when the password change is not synchronized or even listened on IDM, the remote loader trace shows the next lines: DirXML: [07/27/23 19:09:02.50]: ADDriver: [PWD] - AddDCKey() domain controller…
  • NetIQ 4.8.6 Active Directory Scoping OUs to determine Fetch Point for users

    I have an environment in which I have configured AD driver successfully. I have specified an OU for users in driver configuration (Active Directory User Container). When I create a user in another container in AD (other than the one I have specified…
  • Problem connecting to parent domain with AD Driver

    Hi, Currently I am facing an issue with the Active Directory driver trying to connect to a parent domain, so this is the setup. We have two domains: parent.com (Parent Domain) child.parent.com (Child Domain) We need to assign users from…
  • ADDriver shutdown with error LDAP_OPERATIONS_ERROR

    Hi, I have IDM 4.8.1 with ADDriver running. The driver shut down unexpectedly and the following error is seen in the trace file: LDAP_OPERATIONS_ERROR Here details of the driver trace: https://hastebin.com/paxoxozuyu.yaml Before that, there was…
  • Hello guys, how do I know if the driver is configured to run only on one Windows server?

    Hello guys, I just wanted to know: how do I know if the driver is configured to run only on one Windows server?
  • MDAD Cloud Mailbox

    We used to provision mailboxes via psexecute in an AD driver. Something like this: <do-set-dest-attr-value name="PSExecute"> <arg-value type="string"> <token-text xml:space="preserve">Enable-Mailbox -DomainController ~drv.defaultdc~ -Identity…
  • Capture Delete Account events in Active Directory -Terminate User

    Capture Delete Account events in Active Directory -Terminate User I want to terminate (LOGIN_DISABLED = TRUE) a user who was DELETED in Active Directory. I am able to make user terminated (LOGIN_DISABLED = TRUE) when an account in AD was disabled. I…
  • AD driver Check password connection validation.Invalid Credentials8009030C: LdapErr: DSID-0C090579

    Hi There, I am using IDM 4.8 on linux machine and have created AD driver for user sync But I am unable to sync password AD to edir but edir to AD is working perfectly. I have installed pwfilter on only on DC machine and using pass sync tool it is…
  • Creating Active Directory Groups via NetIQ IDM Active Directory Driver

    I am wondering if the AD Driver has the capability to create new AD groups. Currently, I am using the driver to fetch the existing AD Groups under a specific OU. Similarly, my requirement is to create AD groups in AD using IDM AD Driver capabilities.
  • Remove Users from Unassociated Groups in AD

    Hello, community! Once a user is fired from the company, I have to remove the user from all AD groups that he is a member of in Active Directory. I don't have all Groups mapped to Resources and most of them are not associated to IDM. I have created…
  • Login Disabled attribute not updated

    I have a requirement in which once the user account is disabled in Active Directory, I need to have the corresponding user disabled (Login Disabled = true) in IDM. In the trace logs I can see that the user gets the update (Disable), but this information…
  • How to set never expire password in AD using Active Directory Driver for service accounts

    How to set never expire password in AD using Active Directory Driver for service accounts?
  • Multi valued internet email address on AD account Creation

    IDM structure Live tree - eDir to eDir driver - IDM tree - MAD driver - AD Domain We have recently added first.last@ as our preferred email address, but still publish username@. and are now having issues when new accounts are created in eDirectory…
  • Active Directory Driver - Retrieve Application Authentication from PAM

    Hello, team. I am creating a new Active Directory Driver and my client is asking us to retrieve the Application Authentication details (Authentication ID and Application Password) from a PAM tool. Is that something possible to do? We are running IDM…
  • AD Remoteloader not showing any event trace

    Hi I just found an Issue at one of our customers. The RemoteLoader trace file for the Active Directory Driver does not show anything regarding any event transactions - regardless of the tracelevel. I've tried with tracelevel 1 & 3 but neither shows…
  • AD Driver sub-ctp-GroupMemberResolution incorrectly moving groups

    I'm seeing AD groups randomly get moved to the wrong DN on user creation and have tracked it down to this default policy in the AD driver, which I've for now disabled. Due to our highly complex AD structure we manually set an attribute in…
  • Creating OUs in Active Directory from IDM AD driver - Recommendation

    Hi, We already have logic to create groups in AD under the respective departments' OU via AD driver. There are some department OUs that do not exist in AD. So, the new requirement is to check that the OU exists in AD before creating the group. If the OU…
  • Error executing PS command on AD connector

    Hi everyone I have a problem creating mail accounts in Exchange through the AD connector. When the PS command is run, the following error is received: Error completing powershell command. ERROR: Cannot validate argument on parameter 'Id'. The argument…
  • Moving AD Remote Loader to New Windows Server

    I want to move the Active Directory Remote Loader from Windows Server 2008 to 2012. What's the process to move and configure the Remote Loader?
  • Huge groups and AD sync

    I have large groups, size of 20-30k users in eDirectory and I keep them synced in AD. Do you have any ideas on how to efficiently sync such beasts? I have a single AD driver and it works well but these large groups present their own challenges with their…
  • IDM to AD drivers: User creation fails because they are homonyms and CN and DN are the same in AD

    We are fine tuning our IDM Active Directory driver and we just noticed a serious problem. Our HR db is linked with an MSSQL IDM driver and with script we are validating before user creation that another user doesn't have the same loginname or cn in the…
  • Multiple Active Directory User Container in AD Drivers

    Hi I am trying to define multiple Active Directory User Container in AD Drivers. I changed the type from STRING to LIST for this. Now, on adding multiple Active Directory User Container User migration is not happening. However, if single Active Directory…