User Fields for Provisioning

The Lookup.ActiveDirectory.UM.ProvAttrMap lookup definition maps process form fields with target system attributes. This lookup definition is used for performing user provisioning operations.

Table 1–15 lists the user identity fields of the target system for which you can specify or modify values during provisioning operations.

Delete object class ADIDC Update Child Table Values

Group Provisioning Functions

Create group ADIDC Create Object

Delete group ADIDC Delete Object

Display Name Updated ADIDC Update Attribute Value

Group Name Updated ADIDC Update Attribute Value

Group Type Updated ADIDC Update Attribute Value

Organization Name Updated ADIDC Update Attribute Value

Organizational Unit Provisioning Functions

Create Organizational Unit ADIDC Create Object

Display Name Updated ADIDC Update Attribute Value

Container Updated ADIDC Update Attribute Value

Delete Organizational Unit ADIDC Delete Object

Table 1–15 Entries in the Lookup.ActiveDirectory.UM.ProvAttrMap Lookup Definition

Process Form Field Target System Field Description

Manager Name manager Manager name

You must enter the manager name in the DN format. For example:

cn=abc,ou=lmn,dc=corp,dc=com Terminal Home Directory TerminalServicesHomeDirectory

Part of the data stored in the userParameters field

Note: This field does not exist in Microsoft AD LDS. A value that you enter in this field would be ignored during provisioning operations in Microsoft AD LDS.

Full path of the home directory for the Terminal Server user

Sample value: c:\MyDirectory During a provisioning operation, you must enter the full, absolute path of the home directory, as shown in the sample value.

UD_ADUSRC~Group Name[Lookup]

__GROUPS__ Group name

Table 1–14 (Cont.) Provisioning Functions

Function Adapter

Connector Objects Used During Provisioning

Terminal Profile Path TerminalServicesProfilePath Part of the data stored in the userParameters field

Note: This field does not exist in Microsoft AD LDS. A value that you enter in this field would be ignored during provisioning operations in Microsoft AD LDS.

Profile that is used when the user logs on to a Terminal Server The profile can be roaming or mandatory. A roaming profile remains the same, regardless of the computer from which the user logs in. The user can make changes to a roaming profile, but not to a mandatory profile. Any changes a user makes while logged in with a mandatory profile are retained only for that Terminal Services session.

The changes are lost when the user starts another Terminal Services session.

Account Expiration Date[DATE]

This is a date field.

__PASSWORD_EXPIRATION_DA TE__

Date when the account expires

Street streetAddress Street address

Zip postalCode ZIP code

Middle Name

This field is on both the process form and the OIM User form.

During a provisioning operation, the Middle Name field on the process form is prepopulated with the value entered in the Middle Name field on the OIM User form.

middleName Initials for the user's middle name

User Must Change Password At Next Logon

This is a check box.

__PASSWORD_EXPIRED__ Flag that indicates whether or not the user must change the password at next logon.

If the value is yes (check box is selected), then the user must change the password at next logon.

Office physicalDeliveryofficeName Office Location

Home Phone homePhone Home phone number

City l City

Account is Locked out This is a check box

__LOCK_OUT__ Specifies whether the user account must be locked or unlocked

Last Name

This field is on both the process form and the OIM User form. It is a mandatory field on the OIM User form.

During a provisioning operation, the Last Name field on the process form is prepopulated with the value entered in the Last Name field on

sn Last name

IP Phone ipPhone IP phone number

Mobile mobile Mobile number

Table 1–15 (Cont.) Entries in the Lookup.ActiveDirectory.UM.ProvAttrMap Lookup Definition

Process Form Field Target System Field Description

Connector Objects Used During Provisioning

Telephone Number telephoneNumber Telephone number

State st State

Fax facsimileTelephoneNumber Fax number

First Name

This field is on both the process form and the OIM User form. It is a mandatory field on the OIM User form.

During a provisioning operation, the First Name field on the process form is prepopulated with the value entered in the First Name field on the OIM User form.

givenName First name

Password

This field is on both the process form and the OIM User form. It is a mandatory field on the OIM User form.

During a provisioning operation, the Password field on the process form is prepopulated with the value entered in the Password field on the OIM User form.

If SSL is configured between Oracle Identity Manager and the target system, then the Password field on the process form is a mandatory field.

__PASSWORD__

This connector uses ADSI to set the password of the user. It uses the IADsUser#SetPassword API. This API sets the user's unicodePwd attribute. See the following URL for more information:

http://msdn.microsoft.com/en-u s/library/ms677943%28v=vs.85%2 9.aspx#unicodepwd

User's password in UTF-8 format

Full Name displayName Display name for a user

During a Create User provisioning operation, the cn and displayName fields are populated with a

combination of the user's first name, middle initial, and last name entered on the OIM User form.

The full name is displayed in the following format on the process form:

FIRSTNAME MIDDLE_INITIAL.

LASTNAME

For example: John M. Doe If the middle initial is not entered, then the name is displayed as, for example, John Doe.

During an Update provisioning operation, only the value in the displayName field is updated.

Redirection Mail Id __MAILREDIRECTION__ E-mail address to which e-mail sent to the user must be redirected This e-mail address overrides the one set in the E Mail field.

__NAME__ __NAME__="CN=$(Common_Na

me),$(Organization_Name)"

User name with full DN Table 1–15 (Cont.) Entries in the Lookup.ActiveDirectory.UM.ProvAttrMap Lookup Definition

Process Form Field Target System Field Description

Connector Objects Used During Provisioning

Password Not Required This is a check box.

PasswordNotRequired Specifies whether or not Password is required. If it is true, then there is no need to specify the password. If it is false, then password is required.

Terminal Allow Login This is a check box.

AllowLogon

This field does not exist in Microsoft ADAM and AD LDS. A value that you enter in this field would be ignored during provisioning operations in Microsoft ADAM and AD LDS.

Specifies whether or not the user is permitted to log on to the Terminal Server

Country c Country

User Id

This field is on both the process form and the OIM User form. It is a mandatory field.

During a provisioning operation, the User ID field on the process form is prepopulated with the value entered in the User

sAMAccountName

This is a mandatory field in Microsoft Active Directory. This field does not exist in Microsoft ADAM and AD LDS.

User's logon name

Pager pager Pager number

Organization

Name[LOOKUP,IGNORE]

IGNORED Name of the organization

Unique Id

This is a hidden field on both the process form and the OIM User form.

__UID__ Object GUID of the user

E Mail

This field is on both the process form and the OIM User form.

mail Email address

Common Name[IGNORE] IGNORED Common name of the user

Title title Title

Company company Company

Password Never Expires This is a check box.

PasswordNeverExpires Flag that controls the Password Never Expires property

Department department Department

Table 1–15 (Cont.) Entries in the Lookup.ActiveDirectory.UM.ProvAttrMap Lookup Definition

Process Form Field Target System Field Description

Connector Objects Used During Provisioning

Table 1–16 lists special characters that are supported in process form fields.

User Principal Name This is a mandatory field.

userPrincipalName This is a mandatory field.

Note: The value for

UserPrincipalName must be entered in the format shown in the following example:

If the root context is

dc=example,dc=com and the user ID is user1, then the

userPrincipalName value is [email protected].

The user principal name is the domain-specific name of the user.

This field is pre-populated on the Administrative and User Console.

The format is as follows:

USER_ID_VALUE@UPN_DOMAIN_

VALUE

Note: When you update this field, you can change the User ID part but you must not change the domain name. If you change the domain name, then the user will not be matched on the target system.

Homedirectory homeDirectory Home directory of the user

Post Office Box postOfficeBox Post-office box

Table 1–16 Special Characters Supported in Process Form Fields

Name of the Character Character

ampersand &

Table 1–15 (Cont.) Entries in the Lookup.ActiveDirectory.UM.ProvAttrMap Lookup Definition

Process Form Field Target System Field Description

Connector Objects Used During Provisioning

In document Connector Guide for Microsoft Active Directory User Management Release (Page 56-61)