Supported Features

The connector supports the following features:

Account Management

Active Directory Users

  • Manages Active Directory Users as Accounts

  • Aggregation, Delta Aggregation, Partitioning Aggregation, Refresh Account, Pass Through Authentication, Delta Partitioning Aggregation

  • Create, Update, or Delete

  • Enable, Disable, Unlock, or Change Password

  • Add/Remove Entitlements (includes Foreign Security Principals)

  • Terminal Services, Dial-in Attributes

  • Create, Update, or Delete Exchange User Mailbox

  • Create, Update, or Delete Exchange Mail User

  • Create, Update, or Delete Skype for Business user

  • Enable or Disable, setting policies for Skype for Business user

  • Reset Skype for Business user PIN

  • Password Interception

Active Directory Contacts

  • Manages Active Directory Contacts as Accounts

  • Aggregation, Delta Aggregation, Partitioning Aggregation, or Refresh Account

  • Create, Update, or Delete

  • Add or Remove Entitlements

  • Create, Update, or Delete Exchange Mail Contact

Active Directory Service Accounts (Managed Service Accounts/Group Managed Service Accounts)

  • Aggregation, Partitioning Aggregation, or Refresh Account

  • Create, Update, or Delete

  • Add or Remove Entitlements

Account - Group Management

  • Manages Active Directory Groups as Account-Groups

  • Aggregation, Delta Aggregation, Refresh Group

  • Create, Update, or Delete

  • Create or Delete Exchange Distribution List

Microsoft Exchange Shared Mailbox

Manages Shared Mailboxes as Account Groups. For more information, see Microsoft Exchange Shared Mailbox.

Active Directory Resource Forest Exchange Management

For more information, see Active Directory Resource Forest Topology Exchange Management.

Permission Management

  • The application can be configured with the following unstructured target collector to read permissions from the end system:
    Windows File Share: Reads Windows File Share permissions directly assigned to accounts and groups.

  • Supports automated revocation of the aggregated permissions and creates work items for requests only when the default provisioning action is overridden, and Manual Work Item is selected as the provisioning action.

Other

  • Restore deleted objects (Active Directory Accounts and Groups) using 'Active Directory Recycle Bin'

  • Supports executing native before/after scripts for provisioning requests

  • Provides support for Simple Authentication and Security Layer (SASL) when binding to Active Directory

  • Active Directory Connector provides support for serverless configuration for better reliability and ease of configuration.
    For more information, see Prerequisites.

  • IQService supports TLS and client authentication, which ensure that the channel is secure and that IQService is communicating with a legitimate client (IdentityIQ).

  • Supports Auto Partitioning. For more information, see Account and Group Settings.

  • Supports reuse of Ticket Granting Tickets (TGT) for Kerberos authentication during aggregation tasks. To revert to the earlier (non-cached) implementation, an additional attribute named adSystemConfUseUpdatedSASLCommunication can be added to the system configuration.