High Level Steps
1) Install the Active Directory connector
2) Install the connector server
3) Update the port and key on the connector server
4) Configure the IT resource
5) Run the organization group lookup reconciliation
6) Create the Active Directory application instance
7) Create a user and provision an Active Directory account
Download URL
a)
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/connectors-101674.html
1) Install the Active Directory connector
# Copy the active directory connector to ConnectorDefaultDirectory
# Login to sysadmin console and click on Manage Connector
# Click on Install
# Select the Active Directory From the drop down and click on Load
# Click on next
# Wait for the installation to finish successfully, then click on Exit
2) Install the connector server
# Download the connector server from the download URL at the top of this lab, extract it and click on ServiceInstall-1.4.0.0.msi
# Click on Next
# Select Typical and click on next
# Click on Install
# Click on Finish
3) Update the port and key on connector server
# Open a command prompt, go to the connector server install location and set the key with the commands below.
- Location = Installed Location
- ConnectorServer.exe /setkey 123456 (Make sure you enter the same key in the IT resource Key parameter)
# Go to C:\Program Files (x86)\Identity Connectors\Connector Server, open the ConnectorServer.exe.Config file and add the <add> line shown below inside <switches> to enable logging for Active Directory and Exchange
<switches>
  <!-- trace switch for the Active Directory connector; attribute names are lowercase and the element must be self-closed -->
  <add name="ActiveDirectorySwitch" value="4" />
</switches>
# Copy the Active Directory bundle from /app/oracle/middleware/Oracle_IDM1/connectors/msft_activedirectory/bundle to the AD machine
# Extract the AD connector bundle on the AD machine
# After extracting, copy all the files
# Paste all the copied files into the installed connector server folder
# Select Copy and Replace
# Go to C:\Program Files (x86)\Identity Connectors\Connector Server, open the ConnectorServer.exe.Config file and edit the connector server port to any port; I am using 9999 (Make sure you use the same port in the IT resource parameters)
4) Configure the IT resource
# Log in to the sysadmin console, click on IT Resource, select Active Directory and update the values below
- Domain Name=ad.com (Update as per your domain name)
- Container=dc=ad,dc=com (Base DN of the domain, used as the search base)
- DirectoryAdminName=ad.com\administrator (Admin account name)
- DirectoryAdminPassword=abcd@123
- LDAPHostname=192.168.19.132 (IP address of the AD machine)
# Log in to the sysadmin console, click on IT Resource, select Active Directory connector server and update the values below
- Host = IP address of the AD machine
- Key = Key value which we entered from the command prompt on the AD machine
- Port = Connector server port which we configured in ConnectorServer.exe.Config on the AD machine
- Timeout = Set to 0
- UseSSL = false (as I am not using SSL)
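The Port and UseSSL values in the connector server IT resource must agree with ConnectorServer.exe.Config on the AD machine. The PowerShell below is an added example, not part of the original lab or of Oracle's tooling; the sample XML is constructed, and the function name and the appSettings key names connectorserver.port and connectorserver.usessl are assumptions about the file layout.

```powershell
# Constructed sample of ConnectorServer.exe.Config (not copied from a real install).
# Assumption: port and SSL are stored in appSettings under these key names.
$sampleConfig = [xml]@'
<configuration>
  <appSettings>
    <add key="connectorserver.port" value="9999" />
    <add key="connectorserver.usessl" value="false" />
  </appSettings>
</configuration>
'@

# Hypothetical helper: returns one string per disagreement between the
# config file and the values typed into the connector server IT resource.
function Compare-ConnectorServerConfig {
    param(
        [Parameter(Mandatory)] [xml]  $Config,           # parsed ConnectorServer.exe.Config
        [Parameter(Mandatory)] [int]  $ItResourcePort,   # Port from the IT resource
        [Parameter(Mandatory)] [bool] $ItResourceUseSsl  # UseSSL from the IT resource
    )
    # Collect the appSettings entries into a lookup table.
    $settings = @{}
    foreach ($node in $Config.SelectNodes('/configuration/appSettings/add')) {
        $settings[$node.GetAttribute('key')] = $node.GetAttribute('value')
    }
    $findings = New-Object System.Collections.Generic.List[string]

    $port = $settings['connectorserver.port']
    if (-not $port) {
        $findings.Add('connectorserver.port is not set in the config file')
    } elseif ([int]$port -ne $ItResourcePort) {
        $findings.Add("Port mismatch: config has $port, IT resource has $ItResourcePort")
    }

    $ssl = $settings['connectorserver.usessl']
    if (-not $ssl) {
        $findings.Add('connectorserver.usessl is not set in the config file')
    } elseif ([System.Convert]::ToBoolean($ssl) -ne $ItResourceUseSsl) {
        $findings.Add("UseSSL mismatch: config has $ssl, IT resource has $ItResourceUseSsl")
    } elseif (-not $ItResourceUseSsl) {
        $findings.Add('UseSSL is false on both sides: connector server traffic is not TLS-protected')
    }
    return $findings
}

# Values from this lab: port 9999, UseSSL false.
Compare-ConnectorServerConfig -Config $sampleConfig -ItResourcePort 9999 -ItResourceUseSsl $false
# For a real install, load the file instead of the sample:
# $cfg = [xml](Get-Content 'C:\Program Files (x86)\Identity Connectors\Connector Server\ConnectorServer.exe.Config' -Raw)
```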
5) Run the organization group lookup reconciliation
# Go to the design console and check the Lookup.ActiveDirectory.Groups lookup; it should be blank
# Go to the sysadmin console, click on Scheduler, select Active Directory group lookup recon, enable it and click on Run
# Make sure the scheduled job has stopped after a few minutes
# Now verify that the Lookup.ActiveDirectory.Groups lookup has pulled the groups from AD
6) Create the Active Directory application instance
# Log in to the sysadmin console, click on Sandbox, select the Active checkbox and click on Save and Close
# Click on Application Instances in the sysadmin console and give the values below
- Name= Application name
- Display Name = Display name to show up on Catalog
- Resource Object= Select AD User as we are creating application instance for AD
- IT resource= Select Active Directory
- Click on Apply
# Click on Form Designer in the sysadmin console, click on Create and give the values below
- Resource Type= AD User
- Form Name= ActiveDirectory
- Form Type = Select Parent Form + Child Tables
- Click on Create
# Go to Application Instances, select the Active Directory application instance, select ActiveDirectory from the Form dropdown and then click on Apply
# Now click on Sandbox at the top and publish the active sandbox which we created
# Go to Scheduler in the sysadmin console and run the Catalog Synchronization job
7) Create a user and provision an Active Directory account
# Go to the Identity console and create a user
# Once the user is created, go to the user's Accounts tab and click on Request Accounts
# In the catalog, search for ActiveDirectory, click Add to Cart and then Checkout
# In the process form, give the Organization Name, click Ready to Submit and then Submit
# Check that the ActiveDirectory account is in the Provisioned state
Thank you
Arihant Baid