{
    "componentChunkName": "component---src-templates-docs-js",
    "path": "/connectorconfig/microsoft/4-adpowershell",
    "result": {"data":{"site":{"siteMetadata":{"title":"OpenIAM Documentation v2026.5.1 | OpenIAM","docsLocation":""}},"mdx":{"fields":{"id":"89b3ada1-9f53-52db-a281-21c766dfd99f","title":"Active Directory PowerShell connector","slug":"/connectorconfig/microsoft/4-adpowershell"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"title\": \"Active Directory PowerShell connector\",\n  \"metaTitle\": \"OpenIAM Active Directory PowerShell connector\",\n  \"metaDescription\": \"This page describes how to use OpenIAM Active directory connector\"\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, 
layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"h1\", null, \"Installation and connection to OpenIAM\"), mdx(\"p\", null, \"All PowerShell connectors are installed in the same way, which is described in the\\ndocument: \", mdx(Link, {\n    to: \"/connectorconfig/microsoft/1-powershellconnectorinstallation\",\n    mdxType: \"Link\"\n  }, \"PowerShell connector\\ninstallation\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Details related to installing the PowerShell Active Directory connector\")), mdx(\"p\", null, \"The AD PowerShell connector can be deployed on either:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Domain joined server inside the same domain which contains the identities the AD connector is supposed to manage.\\n\", mdx(\"em\", {\n    parentName: \"li\"\n  }, \"This is the recommended approach\")), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Non-domain joined server. However, the domain controller of the target domain should be network reachable from the AD\\nconnector server.\")), mdx(\"p\", null, mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Installing the AD PowerShell connector directly on domain controllers is possible as well; however, this is not\\nrecommended for production environments\"), \".\"), mdx(\"h1\", null, \"General usage\"), mdx(\"p\", null, \"All PowerShell connectors are used in the same way, which is described in the\\ndocument: \", mdx(Link, {\n    to: \"/connectorconfig/microsoft/2-powershellconnectorsusage\",\n    mdxType: \"Link\"\n  }, \"PowerShell connector usage\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Service account information:\")), mdx(\"p\", null, \"During Managed System configuration inside OpenIAM /webconsole section you should set Login ID, which will be used as a\\nservice account for OpenIAM. 
To avoid confusion between the AD and OpenIAM definition, a service account is a regular\\nuser account inside Active Directory that has permissions to perform operations that you need to do using the connector.\"), mdx(\"p\", null, mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Please note\"), \" that the service account should be specified with your domain name included. For example, 'openiamtest\\\\serviceAccount'\"), mdx(\"p\", null, \"The connector will perform all operations on behalf of the user that you specify.\\nFor POC scenarios and test environments you can simply add this user to administrative groups so that the connector is not\\nrestricted in the actions it can perform. For a production environment you should define a specific permission set for this\\naccount, limited to the operations the connector actually needs.\"), mdx(\"p\", null, \"As an example, you can use Delegation control to give your service account permissions for a given OU. To do this you\\ncan select your OU inside ADUC (Active Directory Users and Computers) by right-clicking it and choosing the Delegation\\ncontrol wizard, as shown below.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"990px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.1/static/4fe222c26fb102f6722cba5c84a00520/7a3d6/4-adpowershell-01-service-account-permissions.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"77.99227799227799%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      
\"backgroundImage\": \"url('data:image/png;base64,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')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Delegation control for service account\",\n    \"title\": \"Delegation control for service account\",\n    \"src\": \"/docs-2026.5.1/static/4fe222c26fb102f6722cba5c84a00520/7a3d6/4-adpowershell-01-service-account-permissions.png\",\n    \"srcSet\": [\"/docs-2026.5.1/static/4fe222c26fb102f6722cba5c84a00520/a2ead/4-adpowershell-01-service-account-permissions.png 259w\", \"/docs-2026.5.1/static/4fe222c26fb102f6722cba5c84a00520/6b9fd/4-adpowershell-01-service-account-permissions.png 518w\", \"/docs-2026.5.1/static/4fe222c26fb102f6722cba5c84a00520/7a3d6/4-adpowershell-01-service-account-permissions.png 990w\"],\n    \"sizes\": \"(max-width: 990px) 100vw, 990px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Limiting connector scope\")), mdx(\"p\", null, \"It is strongly recommended that service accounts should have \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"only required\"), \" set of permissions. That means if, for\\nexample, the connector is used to one-way sync from AD, the service account should not be given permission to write to\\nAD. 
Permissions for service accounts are controlled on the Active Directory side (for example, by applying\\npermission delegation).\"), mdx(\"p\", null, \"However, as an additional safeguard on top of the Active Directory permissions, you may use the \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"PermittedDN\"), \" parameter at the managed system level. If this\\nparameter is set, the connector skips any 'ADD' operation that would create a new object outside the\\nPermittedDN or its sub-OUs. Likewise, any 'MODIFY' operation is stopped if the object to be modified is\\nlocated outside the PermittedDN (or its sub-OUs). In both cases the connector returns a 'FAIL' status containing\\nan appropriate message.\"), mdx(\"h1\", null, \"Provisioning identities\"), mdx(\"p\", null, \"The AD PowerShell connector supports working with the following identities:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Users\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Groups\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Computers\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"File shares\")), mdx(\"p\", null, \"This document describes parameters that could be sent to the connector to modify certain attributes inside Active\\nDirectory. 
Each parameter is described in detail.\"), mdx(\"h2\", null, \"User provisioning\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Principal\"), \" - SamAccountName\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Parameter\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Required\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Type\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Name\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the name of the object. This parameter sets the Name property of a user object. The LDAP display name (ldapDisplayName) of this property is name.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AccountExpirationDate\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The LDAP display name (ldapDisplayName) for this property is accountExpires.  Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. 
When a date is not specified, the date is assumed to be the current date.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DateTime, for example \\\"10/18/2018\\\"\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AccountNotDelegated\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Indicates whether the security context of the user is delegated to a service. When this parameter is set to $True, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute. Note \\u2013 checking this parameter back requires UAC int attribute (NOT_DELEGATED) converting back. There is no PowerShell parameter that is appropriate for this provisioning attribute\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AccountPassword\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a new password value for an account. User accounts, by default, are created without a password. If you provide a password, an attempt will be made to set that password however, this can fail due to password policy restrictions. 
To have the new account enabled, you should set both the AccountPassword and the Enabled attributes.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No if the account is initially not supposed to be enabled, Yes if it should be enabled\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AllowReversiblePasswordEncryption\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Indicates whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute. Passwords stored with reversible encryption can be recovered in clear text, so leave this set to False unless an application specifically requires it.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"CannotChangePassword\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Indicates whether the account password can be changed. 
This parameter sets the CannotChangePassword property of an account.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"ChangePasswordAtLogon\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Indicates whether a password must be changed during the next logon attempt.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"City\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's town or city. This parameter sets the City property of a user object. The LDAP display name (ldapDisplayName) of this property is l.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Company\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's company. This parameter sets the Company property of a user object. 
The LDAP display name (ldapDisplayName) of this property is company.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Country\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the country or region code for the user's language of choice. This parameter sets the Country property of a user object. The LDAP display name (ldapDisplayName) of this property is c.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Department\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's department. This parameter sets the Department property of a user object. The LDAP display name (ldapDisplayName) of this property is department.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a description of the object. This parameter sets the value of the Description property for the user object. 
The LDAP display name (ldapDisplayName) for this property is description.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DisplayName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the display name of the object. This parameter sets the DisplayName property of the user object. The LDAP display name (ldapDisplayName) for this property is displayName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Division\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's division. This parameter sets the Division property of a user object. The LDAP display name (ldapDisplayName) of this property is division.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"EmailAddress\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's e-mail address. This parameter sets the EmailAddress property of a user object. 
The LDAP display name (ldapDisplayName) of this property is mail.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"EmployeeID\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's employee ID. This parameter sets the EmployeeID property of a user object. The LDAP display name (ldapDisplayName) of this property is employeeID.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"EmployeeNumber\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's employee number. This parameter sets the EmployeeNumber property of a user object. The LDAP display name (ldapDisplayName) of this property is employeeNumber.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Enabled\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. 
This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Fax\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's fax phone number. This parameter sets the Fax property of a user object. The LDAP display name (ldapDisplayName) of this property is facsimileTelephoneNumber.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"FolderName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"The path to the local folder that should be created or modified for provisioned user. This attribute can work in tandem with the Permissions attribute that sets NTFS permissions to current FolderName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String C:\", \"\\\\\", \"TestFolder\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"GivenName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's given name. This parameter sets the GivenName property of a user object. 
The LDAP display name (ldapDisplayName) of this property is givenName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"MemberOf\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"The list of distinguished names of the groups to which the current user should belong. Contains a dictionary of Key-Value pairs. Key \\u2013 Distinguished name (DN) of the group for the operation. Value \\u2013 'add' or 'nochange' or 'delete'. On user creation only the 'add' and 'nochange' values are accepted, and they mean the same.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Dictionary of Key-Value\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"HomeDirectory\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a user's home directory. This parameter sets the HomeDirectory property of a user object. The LDAP display name (ldapDisplayName) for this property is homeDirectory.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"HomeDrive\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a drive that is associated with the UNC path defined by the HomeDirectory property. The drive letter is specified as DriveLetter: where DriveLetter indicates the letter of the drive to associate. The DriveLetter must be a single, uppercase letter and the colon is required. 
This parameter sets the HomeDrive property of the user object. The LDAP display name (ldapDisplayName) for this property is homeDrive.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"HomePage\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the URL of the home page of the object. This parameter sets the homePage property of a user object. The LDAP display name (ldapDisplayName) for this property is wWWHomePage.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"HomePhone\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's home telephone number. This parameter sets the HomePhone property of a user object. The LDAP display name (ldapDisplayName) of this property is homePhone.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Initials\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the initials that represent part of a user's name. You can use this value for the user's middle initial. This parameter sets the Initials property of a user object. The LDAP display name (ldapDisplayName) of this property is initials. 
Maximum default attribute length on AD side is 6 symbols\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"KerberosEncryptionType\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether an account supports Kerberos encryption types which are used during the creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. Possible values for this parameter are: DES, RC4, AES128, AES256. None removes all encryption types from the account, resulting in the KDC being unable to issue service tickets for services using the account. DES is a weak encryption type that is not supported by default since Windows 7 and Windows Server 2008 R2. Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore, any changes to the flag on the msDS-SupportedEncryptionTypes attribute are overwritten by the service or system that manages the setting.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String, one of the ones set in description\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"LogonWorkstations\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the computers that the user can access. To specify more than one computer, create a single comma-separated list. You can identify a computer by using the Security Account Manager (SAM) account name (sAMAccountName) or the DNS host name of the computer. 
The SAM account name is the same as the NetBIOS name of the computer. The LDAP display name (ldapDisplayName) for this property is userWorkStations.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String or multiple strings separated by comma (','), without whitespaces at separator\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Manager\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Sets manager for specified user. Contains samaccountname of the manager that should be set for the user.  It is allowed to have just one manager for a user.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String (samaccountname)\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"MobilePhone\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's mobile phone number. This parameter sets the MobilePhone property of a user object. The LDAP display name (ldapDisplayName) of this property is mobile.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Office\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the location of the user's office or place of business. This parameter sets the Office property of a user object. 
The LDAP display name (ldapDisplayName) of this property is office.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"OfficePhone\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's office telephone number. This parameter sets the OfficePhone property of a user object. The LDAP display name (ldapDisplayName) of this property is telephoneNumber.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Organization\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's organization. This parameter sets the Organization property of a user object. The LDAP display name (ldapDisplayName) of this property is o.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"OtherName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a name in addition to a user's given name and surname, such as the user's middle name. This parameter sets the OtherName property of a user object. 
The LDAP display name (ldapDisplayName) of this property is middleName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"POBox\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's post office box number. This parameter sets the POBox property of a user object. The LDAP display name (ldapDisplayName) of this property is postOfficeBox.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PasswordNeverExpires\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PasswordNotRequired\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether the account requires a password. A password is not required for a new account. 
This parameter sets the PasswordNotRequired property of an account object.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Path\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. If no Path is set \\u2013 BaseDN parameter will be used. Note! If OpenIAM sends new Path to existing user, the connector will try to move the object. However, movement would not be successful if the object is protected from accidental deletion (protection on Microsoft side). Please also note that if you change Path, AD will set new DN for your user like CN={NAME},{NEW_PATH}\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String. Example: OU=TestUsers,DC=DC1,DC=local\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Permissions\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Is applied only if folderName parameter is set. 
It's the set of Key-Value pairs where the Key is the text value of one of the following enum values: \", mdx(\"a\", {\n    parentName: \"td\",\n    \"href\": \"https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=netframework-3.5\"\n  }, \"https://docs.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=netframework-3.5\"), \" And the Value is one of 'add', 'delete'\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Dictionary of Key-Value\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PostalCode\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's postal code or zip code. This parameter sets the PostalCode property of a user object. The LDAP display name (ldapDisplayName) of this property is postalCode.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PrincipalsAllowedToDelegateToAccount\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an array of principal objects. This parameter sets the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a computer account object. 
Warning: by default the connector supports sending one principal, however that behavior could be extended by demand.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String (samaccountname)\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"ProfilePath\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a path to the user's profile. This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ProfilePath property of the user object. The LDAP display name (ldapDisplayName) for this property is profilePath.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SamAccountName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"ScriptPath\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a path to the user's log on script. 
This value can be a local absolute path or a Universal Naming Convention (UNC) path. This parameter sets the ScriptPath property of the user object. The LDAP display name (ldapDisplayName) for this property is scriptPath.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SmartcardLogonRequired\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether a smart card is required to log on. This parameter sets the SmartCardLoginRequired property for a user object. This parameter also sets the ADS_UF_SMARTCARD_REQUIRED flag of the Active Directory User Account Control attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"State\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's or Organizational Unit's state or province. This parameter sets the State property of a user object. The LDAP display name (ldapDisplayName) of this property is st.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"StreetAddress\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's street address. This parameter sets the StreetAddress property of a user object. 
The LDAP display name (ldapDisplayName) of this property is streetAddress.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Surname\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's last name or surname. This parameter sets the Surname property of a user object. The LDAP display name (ldapDisplayName) of this property is sn.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Title\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user's title. This parameter sets the Title property of a user object. The LDAP display name (ldapDisplayName) of this property is title.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"TrustedForDelegation\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Indicates whether an account is trusted for Kerberos delegation. A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. 
This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute. Because such a service can act as the clients that authenticate to it, set this to True only for accounts that require delegation.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"UserPrincipalName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a user principal name (UPN) in the format user@DNS-domain-name. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's distinguished name, so a user object can be moved or renamed without affecting the user logon name. When logging on using a UPN, users no longer have to choose a domain from a list on the log on dialog box.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String. 
Example user@DNS-domain-name\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SMBFileServerAddress\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"If you need to set SMB permissions to some folder for this user - this is the file server address\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DNS Hostname\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SMBShareName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"If you need to set SMB permissions to some folder for this user - this is the Name of the SMB file share on the target server above\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DNS Hostname\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SMBPermissionsSet\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Contains JSON descriptions of permissions that need to be merged with current permissions. 
Example: \", \"[{\\\"Operation\\\": \\\"Grant\\\",\\\"AccountName\\\": \\\"SomeUser\\\",\\\"AccessRight\\\": \\\"Read\\\"}, {\\\"Operation\\\": \\\"Grant\\\", \\\"AccountName\\\":\\\"Alex\\\", \\\"AccessRight\\\":\\\"Read\\\"}]\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"JSON\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SMBOverwriteWithPermissions\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Contains JSON descriptions of permissions that overwrite the current permissions. If both this attribute and SMBPermissionsSet are set, this attribute is taken into account and SMBPermissionsSet is ignored. Example: \", \"[{\\\"Operation\\\": \\\"Grant\\\",\\\"AccountName\\\": \\\"SomeUser\\\",\\\"AccessRight\\\": \\\"Read\\\"}, {\\\"Operation\\\": \\\"Grant\\\", \\\"AccountName\\\":\\\"Alex\\\", \\\"AccessRight\\\":\\\"Read\\\"}]\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"JSON\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Certificates\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"This attribute allows you to manage certificates for a specific user (that is, assign or delete certificates). The value must be the Base64-encoded certificate on a single line, without the headers '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----', spaces, or new lines. The certificate itself must be an X.509v3 certificate. 
\", mdx(\"strong\", {\n    parentName: \"td\"\n  }, \"Note:\"), \" to delete all certificates from a user, this attribute must be empty and the operation must be DELETE.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")))), mdx(\"h2\", null, \"Group provisioning\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Principal\"), \" - SamAccountName\"), mdx(\"p\", null, \"To add the new group, OpenIAM should send two attributes:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Name\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"GroupScope (DomainLocal or Global or Universal)\")), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Parameter\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Required\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Type\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Name\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the name of the object. This parameter sets the Name property of the Active Directory object. 
The LDAP display name (ldapDisplayName) of this property is name.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"GroupScope\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the scope of the group. The acceptable values for this parameter are: DomainLocal, Universal, Global. This parameter sets the GroupScope property of a group object to the specified value. The LDAP display name of this property is groupType.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"MemberOf\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Key-Value pair, sets the groups in which the current group should be added.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Key-Value\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a description of the object. This parameter sets the value of the Description property for the object. 
The Lightweight Directory Access Protocol (LDAP) display name (ldapDisplayName) for this property is description.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DisplayName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the display name of the object. The LDAP display name (ldapDisplayName) for this property is displayName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"GroupCategory\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the category of the group. The acceptable values for this parameter are: Distribution, Security. This parameter sets the GroupCategory property of the group. This parameter value combined with other group values sets the LDAP display name (ldapDisplayName) attribute named groupType.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"HomePage\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. 
The LDAP display name (ldapDisplayName) for this property is wWWHomePage.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Instance\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an instance of a group object to use as a template for a new group object. You can use an instance of an existing group object as a template or you can construct a new group object.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Members\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Should contain key-value pair if you need to input some members inside the current group. Key \\u2013 Distinguished name of the object (user) for the operation. Value \\u2013 'add' or 'nochange' or 'delete'. On user creation only add or nochange values are accepted and mean the same (adding the member for the current group)\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Key-Value\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"ManagedBy\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. 
The acceptable values for this parameter are: A distinguished name; A GUID (objectGUID); A security identifier (objectSid); A SAM account name (sAMAccountName)\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Path\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the destination Path in DistinguishedName format for the newly created object\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SamAccountName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 20 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")))), mdx(\"h3\", null, \"OpenIAM configuration\"), mdx(\"p\", null, \"To enable group provisioning, add the group provisioning fields to the managed system. 
Go to \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Webconsole\"), \" -> \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Provisioning\"), \" ->\\n\", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Connectors\"), \" -> \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"AD Powershell CONNECTOR\"), \" -> \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Connector configuration\"), \"\\nand set checkboxes in front of:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Base DN for Group\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Object Primary Key for Group\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Search Base DN for Group\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Search Filter for Group\")), mdx(\"p\", null, \"Save changes. Go to managed system edit page and populate new fields for group, save changes. Make sure that you have policy map for group object, if not - create one, use out of the box managed system to copy policy map.\"), mdx(\"p\", null, \"Now each group linked with the AD managed system will be identity generated and will be provisioned to AD.\"), mdx(\"h2\", null, \"Computer provisioning\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Principal\"), \" - SamAccountName\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Parameter\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Required\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Type\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Name\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the name of the 
object. This parameter sets the Name property of the Active Directory object. The LDAP display name (ldapDisplayName) of this property is name.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AccountExpirationDate\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the expiration date for an account. When you set this parameter to 0, the account never expires. This parameter sets the AccountExpirationDate property of an account object. The Lightweight Directory Access Protocol (LDAP) display name (ldapDisplayName) for this property is accountExpires. Use the DateTime syntax when you specify this parameter. Time is assumed to be local time unless otherwise specified. When a time value is not specified, the time is assumed to 12:00:00 AM local time. When a date is not specified, the date is assumed to be the current date.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DateTime, for example \\\"10/18/2018\\\"\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AccountNotDelegated\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether the security context of the user is delegated to a service. When this parameter is set to true, the security context of the account is not delegated to a service even when the service account is set as trusted for Kerberos delegation. This parameter sets the AccountNotDelegated property for an Active Directory account. 
This parameter also sets the ADS_UF_NOT_DELEGATED flag of the Active Directory User Account Control (UAC) attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AllowReversiblePasswordEncryption\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether reversible password encryption is allowed for the account. This parameter sets the AllowReversiblePasswordEncryption property of the account. This parameter also sets the ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED flag of the Active Directory User Account Control (UAC) attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AuthenticationPolicy\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an Active Directory Domain Services authentication policy object. Specify the authentication policy object in one of the following formats: A distinguished Name; A GUID; A name;\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"AuthenticationPolicySilo\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an Active Directory Domain Services authentication policy silo object. 
Specify the authentication policy silo object in one of the following formats: A distinguished name; A GUID; A name;\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"CannotChangePassword\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether the account password can be changed. This parameter sets the CannotChangePassword property of an account.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"ChangePasswordAtLogon\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether a password must be changed during the next log on attempt.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"CompoundIdentitySupported\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether an account supports Kerberos service tickets which includes the authorization data for the user's device. This value sets the compound identity supported flag of the Active Directory msDS-SupportedEncryptionTypes attribute. Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. 
Therefore, any changes to the flag on the msDS-SupportedEncryptionTypes attribute is overwritten by the service or system which manages the setting.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DNSHostName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the fully qualified domain name (FQDN) of the computer. This parameter sets the DNSHostName property for a computer object. The LDAP display name for this property is dNSHostName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a description of the object. This parameter sets the value of the Description property for the object. The LDAP display name (ldapDisplayName) for this property is description.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DisplayName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the display name of the object. This parameter sets the DisplayName property of the object. 
The LDAP display name (ldapDisplayName) for this property is displayName.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Enabled\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies if an account is enabled. An enabled account requires a password. This parameter sets the Enabled property for an account object. This parameter also sets the ADS_UF_ACCOUNTDISABLE flag of the Active Directory User Account Control (UAC) attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"HomePage\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the URL of the home page of the object. This parameter sets the homePage property of an Active Directory object. The LDAP display name (ldapDisplayName) for this property is wWWHomePage.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"KerberosEncryptionType\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether an account supports Kerberos encryption types which are used during the creation of service tickets. This value sets the encryption types supported flags of the Active Directory msDS-SupportedEncryptionTypes attribute. The acceptable values for this parameter are: None; DES; RC4; AES128; AES256. 
None will remove all encryption types from the account which may result in the KDC being unable to issue service tickets for services using the account. DES is a weak encryption type which is not supported by default since Windows 7 and Windows Server 2008 R2. Warning: Domain-joined Windows systems and services such as clustering manage their own msDS-SupportedEncryptionTypes attribute. Therefore any changes to the flag on the msDS-SupportedEncryptionTypes attribute is overwritten by the service or system which manages the setting.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Location\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the location of the computer, such as an office number. This parameter sets the Location property of a computer. The LDAP display name (ldapDisplayName) of this property is location.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"ManagedBy\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the user or group that manages the object by providing one of the following property values. Note: The identifier in parentheses is the LDAP display name for the property. The acceptable values for this parameter are: A distinguished name; A GUID (objectGUID); A security identifier (objectSid); A SAM account name (sAMAccountName). 
This parameter sets the Active Directory attribute with an LDAP display name of managedBy.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"OperatingSystem\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an operating system name. This parameter sets the OperatingSystem property of the computer object. The LDAP Display Name (ldapDisplayName) for this property is operatingSystem.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"OperatingSystemHotfix\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an operating system hotfix name. This parameter sets the operatingSystemHotfix property of the computer object. The LDAP display name for this property is operatingSystemHotfix.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"OperatingSystemServicePack\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the name of an operating system service pack. This parameter sets the OperatingSystemServicePack property of the computer object. 
The LDAP display name (ldapDisplayName) for this property is operatingSystemServicePack.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"OperatingSystemVersion\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an operating system version. This parameter sets the OperatingSystemVersion property of the computer object. The LDAP display name (ldapDisplayName) for this property is operatingSystemVersion.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PasswordNeverExpires\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether the password of an account can expire. This parameter sets the PasswordNeverExpires property of an account object. This parameter also sets the ADS_UF_DONT_EXPIRE_PASSWD flag of the Active Directory User Account Control attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PasswordNotRequired\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether the account requires a password. This parameter sets the PasswordNotRequired property of an account, such as a user or computer account. 
This parameter also sets the ADS_UF_PASSWD_NOTREQD flag of the Active Directory User Account Control attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Path\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the X.500 path of the Organizational Unit (OU) or container where the new object is created. If no Path is set \\u2013 BaseDN parameter will be used\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String (DN format)\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"SAMAccountName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the Security Account Manager (SAM) account name of the user, group, computer, or service account. The maximum length of the description is 256 characters. To be compatible with older operating systems, create a SAM account name that is 15 characters or less. This parameter sets the SAMAccountName for an account object. The LDAP display name (ldapDisplayName) for this property is sAMAccountName. Note: If the SAMAccountName string provided does not end with a $, a $ will be appended if needed.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"TrustedForDelegation\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies whether an account is trusted for Kerberos delegation. 
A service that runs under an account that is trusted for Kerberos delegation can assume the identity of a client requesting the service. This parameter sets the TrustedForDelegation property of an account object. This value also sets the ADS_UF_TRUSTED_FOR_DELEGATION flag of the Active Directory User Account Control attribute.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"UserPrincipalName\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies a user principal name (UPN) in the format user@DNS-domain-name. A UPN is a friendly name assigned by an administrator that is shorter than the LDAP distinguished name used by the system and easier to remember. The UPN is independent of the user object's distinguished name, so a user object can be moved or renamed without affecting the user log on name. When logging on using a UPN, users no longer have to choose a domain from a list on the log on dialog box.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String. Example: user@DNS-domain-name\")))), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Attention!\"), \"  While working with a computer object in Active Directory it is important to take into account that the\\nMicrosoft side will put $ at the end of any computer samaccountname. As samaccountname is used as principal name and its\\nvalue could also be used in some other managed systems - OpenIAM stores and handles it as normal value. When OpenIAM\\nsends request to the connector, the connector can see that this request is regarding the AD computer object and will\\nadd $ at the end of samaccountname automatically. 
So, OpenIAM will operate identity with samaccountname 'value' while\\nconnector will silently be transforming it to 'value$' and will process all other requested operations.\"), mdx(\"h2\", null, \"FileShares provisioning\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Principal\"), \" - UNCPath\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Parameter\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Required\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Type\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Type\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Should be equal to 'fileshare' - it will tell connector that this GROUP request should be treated as a fileshare.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Name\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the name of the object. This is a unique name that will identify this share within the target share server. 
There could be no duplication of this attribute on the same file share server.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Path\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"The physical path on the target file share server where the share will be located. If the path does not exist, the connector will create it even with nested sub-folders (if supplied credentials have sufficient permissions).\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"FileServerAddress\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"The network address of the file server. Could be either IP or DNS hostname. Please note, that for running remoting operations in an AD environment you should preferably use DNS names.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String, like dc1.openiamdemo.com\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"UNCPath\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Plays ID role for OpenIAM. 
Represents the network name like \", \"\\\\\", \"dc12.openiamtest.local\\\\FileShare\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Yes\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String, like on description example\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Description\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters. The default value is an empty description.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"CachingMode\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the caching mode of the offline files for the SMB share. There are five caching modes: None. Prevents users from storing documents and programs offline.; Manual. Allows users to identify the documents and programs they want to store offline.;   Programs. Automatically stores documents and programs offline.;  Documents. Automatically stores documents offline.;  BranchCache. 
Enables BranchCache and manual caching of documents on the shared folder.;\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String, one of described\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PublishedLDAPPath\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Optionally applied for Windows Active directory environment. Share link could be published in AD and this should be the LDAP path like LDAP://OU=Australia,DC=openiamtest,DC=local\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String, like on description example\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"PreviousPublishedLDAPPath\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"This attribute is used if we need to move the value of PublishedLDAPPath from one location to another one. In this case PublishedLDAPPath (above attribute) should contain the new destination location, while this attribute (PreviousPublishedLDAPPath) should contain the current location from where we are going to move the record in AD. This attribute only works if PublishedLDAPPath attribute is set and Operation code for that attribute is 2 (replace). 
Example LDAP://OU=Australia,DC=openiamtest,DC=local\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"String, like on description example\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"ConcurrentUserLimit\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Specifies the set of share permissions that needs to be assigned to the share. This is a JSON string that contains the following values: Operation - either 'Grant' or 'Revoke'; AccountName - samaccountname of the target user or the special names like 'Everyone'; AccessRight - one of 'Full', 'Change', 'Read'. While 'Change' permission allows read/execute/write/delete folders/files, 'Full' permission would additionally allow to manage permissions. NB! Share permissions are combined with NTFS permissions (the most restrictive permissions are applied).; If OverwriteWithPermissions attribute is not set - PermissionsSet will be applied to existing permissions and will overwrite matching permissions and append new ones. However, it will not remove existing permissions.  Example: \", \"[{\\\"Operation\\\": \\\"Grant\\\",\\\"AccountName\\\": \\\"SomeUser\\\",\\\"AccessRight\\\": \\\"Read\\\"}, {\\\"Operation\\\": \\\"Grant\\\", \\\"AccountName\\\":\\\"Alex\\\", \\\"AccessRight\\\":\\\"Read\\\"}]\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"JSON array string\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"OverwriteWithPermissions\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"If set to 'True' - will remove all existing permissions for the shared folder and will set the default permission set. 
And only after this will apply PermissionsSet if it is present (or will leave default permissions set if not). This attribute would not work if DefaultPermissionsSet is not set.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"True, False\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"DefaultPermissionsSet\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Works like PermissionsSet attribute, but is being applied if OverwriteWithPermissions is set. This is the set of default permissions to share the object. This attribute would not work if OverwriteWithPermissions is not set to 'True'. Example: \", \"[{\\\"Operation\\\": \\\"Grant\\\",\\\"AccountName\\\": \\\"SomeUser\\\",\\\"AccessRight\\\": \\\"Read\\\"}, {\\\"Operation\\\": \\\"Grant\\\", \\\"AccountName\\\":\\\"Alex\\\", \\\"AccessRight\\\":\\\"Read\\\"}]\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"No\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"JSON array string\")))), mdx(\"h1\", null, \"Synchronization\"), mdx(\"h2\", null, \"Synchronizing AD users\"), mdx(\"p\", null, \"Running synchronization is very similar to performing PowerShell queries targeted to AD. 
In most cases it leverages\\nfunctionality\\nof \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser\"\n  }, \"Get-ADUser\"), \", \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroup\"\n  }, \"Get-ADGroup\"), \"\\nor \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adcomputer\"\n  }, \"Get-ADComputer\"), \" cmdlets.\"), mdx(\"h3\", null, \"General query execution logic\"), mdx(\"p\", null, \"OpenIAM sends the query to the connector to execute the list of attributes it expects to receive.\\nThe query result on the connector side is being treated as a key-values pair. When this key-values pair is formed, the\\nconnector makes a match between attributes that were requested from OpenIAM and keys available. If the key is matched (\\ncase-insensitive) the value(s) will be returned to OpenIAM.\\nIf the key is not found, but attribute was requested the attribute value will be returned as null.\"), mdx(\"p\", null, \"While running search requests the connector should be authenticated against AD using service account. Therefore, the\\nquery, even being almost identical to PowerShell queries, is being evaluated on the connector side and modified to real\\nPowerShell commands. 
The connector leaves your ability to run pure PowerShell requests, but also offers simplified\\nsyntax that is described below.\"), mdx(\"p\", null, \"In all examples below we will\\nuse \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser\"\n  }, \"Get-ADUser\"), \" cmdlet, however same\\nexamples could be used with replacement\\nof \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser\"\n  }, \"Get-ADUser\"), \"\\nto \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroup\"\n  }, \"Get-ADGroup\"), \"\\nor \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adcomputer\"\n  }, \"Get-ADComputer\"), \".\"), mdx(\"h3\", null, \"Returned attributes\"), mdx(\"p\", null, \"If query does not contain -Properties parameter, the basic attributes that connector will get from AD are:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"DistinguishedName\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Enabled\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"GivenName\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Name\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ObjectClass\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ObjectGUID\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"SamAccountName\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"SID\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Surname\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"UserPrincipalName\")), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Getting extra attributes\"), \". 
To add extra attributes you need to specify \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"'-Properties X,Y,Z'\"), \" or \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"'-Properties \", \"*\", \"'\"), \"\\nparameter where X, Y, Z are required attributes in a comma separated list. If you need all attributes to be returned,\\nyou can specify \", \"*\", \" instead of specifying particular attributes. But you should note that querying all attributes using \", \"*\", \"\\nsignificantly decreases performance and there are not a lot of use cases when you really need everything from the user\\nprofile. So, it is recommended to always specify only those attributes that you need.\"), mdx(\"p\", null, \"A full query example would look like:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter * -Properties Mail,WhenCreated\\n\")), mdx(\"p\", null, \"The query above would search for all users inside AD (or inside SearchBaseDN) and will be able to get a basic set of\\nattributes (described above) + Mail and WhenCreated.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter * -Properties *\\n\")), mdx(\"p\", null, \"The query above would search for all users inside AD (or inside SearchBaseDN) and will be able to get all attributes\\nfrom user profile. 
This could be very slow and RAM consuming if there are lots of users in AD.\"), mdx(\"h3\", null, \"Query syntax\"), mdx(\"p\", null, \"You can run a direct query using syntax described\\nat \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-aduser\"\n  }, \"Get-ADUser\"), \", \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adgroup\"\n  }, \"Get-ADGroup\"), \"\\nor \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adcomputer\"\n  }, \"Get-ADComputer\"), \" cmdlets.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Please note\"), \" that you do not need to specify \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"'Server'\"), \" and \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"'Credential'\"), \" parameters because the connector already\\nhandles the connection itself.\"), mdx(\"p\", null, \"If you specify the 'Filter' parameter and do not specify 'SearchBase', the 'SearchBase' value will be set to '\\nSearchBaseDN' setting inside your managed system page.\"), mdx(\"p\", null, \"Query examples:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter *\\n\")), mdx(\"p\", null, \"Query above gets all users from AD, but if SearchBaseDN is set - the scope will be limited to SearchBaseDN like\\ndescribed above.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Identity 'SamAccountName or SID, GUID or DN' -Properties *\\n\")), mdx(\"p\", null, \"Sometimes it is good to synchronize a single user - this scenario is usually being used to test sync processes, for\\ndemonstrations and validating functionality.\\nIn this case the query could be used like 
above.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter {Surname -eq 'Potter'}\\n\")), mdx(\"p\", null, \"The query above would select all users with surname 'Potter'. Search would be limited to SearchBaseDN, because we have\\nnot specified it \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"AND\"), \" the search query contains -Filter parameter. We could override SearchBaseDN by setting the\\nSearchBase parameter. If we do it, query would look like:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter {Surname -eq 'Potter'} -SearchBase 'DC=openiamtest,DC=local'\\n\")), mdx(\"p\", null, \"If you run other queries than having 'Filter' parameter inside, you will not be limited to SearchBaseDN.\"), mdx(\"p\", null, \"For example, one common scenario is filtering users that were modified after a certain date:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -LDAPFilter '(whenChanged>=20200726000000.0Z)' -Properties whenChanged\\n\")), mdx(\"p\", null, \"Here the whenChanged attribute is specified in YYYYMMDD (+hours, min), so the query would return all users that were\\nmodified after the 26th of July 2020.\"), mdx(\"p\", null, \"Sometimes it could be useful to sync user objects only from certain locations inside AD. 
-Search base parameter accepts\\nonly one location, but you can add filtering inside your query.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter * -Properties property1,property2 | Where-Object {$_.DistinguishedName -like '*OU=SomeOU1,DC=openiamtest,DC=local' -or $_.DistinguishedName -like '*OU=SomeOU2,DC=openiamtest,DC=local'}\\n\")), mdx(\"p\", null, \"Such request would get all users inside AD, but will filter and return only users whose DistinguishedName ends with\\ngiven locations. So, it will also include child locations. Some of you may say that for pure PowerShell the query above\\ndoes not look optimal, and it would be optimal to pass the required location to the pipeline and run Get-ADUser for\\nthose locations only. But the connector does some modifications for the queries before the run, so that method would not\\nbe possible. At the same time, filtering will help reach your aim.\"), mdx(\"h3\", null, \"Synchronizing AD group memberships\"), mdx(\"p\", null, \"Group memberships are synchronized using user synchronization. To get information about groups in which a current user\\nis a member you need to include the \", mdx(\"em\", {\n    parentName: \"p\"\n  }, \"memberOf\"), \" attribute inside your request. For example:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter * -Properties memberOf\\n\")), mdx(\"p\", null, \"Alternatively, you can use * to grab all possible properties instead of specifying memberOf. However, as it was\\ndescribed before, it greatly decreases performance.\"), mdx(\"p\", null, mdx(\"strong\", {\n    parentName: \"p\"\n  }, \"Primary group membership\"), \" - Active Directory by its design does not return primary group membership inside memberOf\\nattribute. In an absolute majority of cases the primary group for all users is 'Domain Users'. 
However, if in your\\nscenario you need for some reason to sync the primary group membership for your user you need to include the '\\nPrimaryGroup' attribute inside your request. So, our request would look like:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADUser -Filter * -Properties memberOf, PrimaryGroup\\n\")), mdx(\"h3\", null, \"OpenIAM configuration for AD user sync.\"), mdx(\"p\", null, \"OpenIAM supplies out of the box configuration named 'AD Powershell USER Example'.\"), mdx(\"h2\", null, \"Synchronizing AD groups\"), mdx(\"p\", null, \"AD groups synchronization is performed in the same way as AD users synchronization. You can take the above chapter as an\\nexample and just replace 'Get-ADUser' to 'Get-ADGroup' expressions inside the filter.\"), mdx(\"p\", null, \"Getting all AD distribution groups:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADGroup -Filter 'groupcategory -eq \\\"Distribution\\\"'\\n\")), mdx(\"p\", null, \"Getting all security groups in a certain location:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADGroup -Filter 'groupcategory -eq \\\"Security\\\"' -SearchBase 'CN=Users,DC=openiamtest,DC=local'\\n\")), mdx(\"h3\", null, \"Attributes that are returned by AD Group sync\"), mdx(\"p\", null, \"If you run requests like above, the connector would return the following set of attributes which are default for the AD\\nGroup object:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"DistinguishedName\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"GroupCategory - (Security, Distribution)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"GroupScope - (DomainLocal, Global, Universal)\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Name - the name of the group that usually acts as principal for group 
object provisioning in AD\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ObjectClass - always group\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ObjectGUID - unique identifier of the group, for example 'd8168b10-f45e-43f4-bd9c-37a53896e4bc'\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"SamAccountName\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"SID - security identifier of the group, for example 'S-1-5-21-3577459162-1270948675-2189036518-2886'\")), mdx(\"p\", null, \"You may need additional attributes about groups that are returned by sync. In this case you should add '-Properties\\nprop1, prop2...' in your request. Or if you don't want to specify exact properties you can just leave '*' instead. For\\nexample, let's get all available information about all security groups in a domain:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADGroup -Filter 'groupcategory -eq \\\"Security\\\"' -Properties *\\n\")), mdx(\"p\", null, \"As we mentioned above, running '-Properties *' significantly decreases performance, so we suggest specifying only those\\nproperties that you need. 
For example:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-ADGroup -Filter 'groupcategory -eq \\\"Security\\\"' -Properties cn,whenCreated\\n\")), mdx(\"p\", null, \"In the example above we will get all basic attributes that are mentioned in this chapter and + CN and WhenCreated\\nattributes.\"), mdx(\"p\", null, \"You can request the following properties in your requests:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"CanonicalName - for example 'openiamtest.local/Builtin/Administrators'\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Created\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"createTimeStamp\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Deleted\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Description\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"HomePage\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"isCriticalSystemObject\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"isDeleted\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"LastKnownParent\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ManagedBy\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"MemberOf - DNs of the parent groups\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Members - DNs of members of this group\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Modified\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"modifyTimeStamp\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ProtectedFromAccidentalDeletion\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"whenChanged\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"whenCreated\")), mdx(\"h3\", null, \"OpenIAM configuration for AD group sync.\"), mdx(\"p\", null, \"OpenIAM supplies out of the box configuration named 'AD Powershell GROUP Example'.\"), mdx(\"h2\", null, \"Synchronizing AD File shares\"), mdx(\"p\", null, \"The AD connector can synchronize file shares that are located on Windows Servers that are 
domain joined. Target Windows\\nservers that contain file shares should run Windows Server 2012 R2 at least.\"), mdx(\"p\", null, \"As file shares are located inside each separate server and AD does not manage them in the centralized way, the AD\\nconnector connects to each file share Windows server directly using PowerShell remoting and executes PowerShell commands\\nusing this remote session.\"), mdx(\"p\", null, \"Based on the above, the AD connector service account should have permissions to connect to the file share server\\nremotely. We assume that the AD connector server is joined to the same domain as the file share server. The AD connector\\nshould use a service account (regular user account that has certain permissions) from the same domain and this account\\nshould possess the following permissions:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Member of local 'Remote Management Users' group on the target file share server to be able to discover all file shares\\non the given server.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Member of local 'Administrators' group on target file share server to be able to collect the set of permissions for\\neach file share (who and what type of access does someone have for each file share). The connector collects permissions\\nonly when the 'Permissions' attribute is requested (see 'Getting permissions' below).\")), mdx(\"p\", null, \"To synchronize File shares, you should use 'Get-SmbSharesInfo' inside your synchronization query. The syntax is\\ndescribed below.\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-SmbSharesInfo -ComputerNames 'server1','server2'\\n\")), mdx(\"p\", null, \"In this scenario the AD connector will try to connect to 'server1' and 'server2' to get information about file shares\\nthat are stored there.\"), mdx(\"p\", null, \"Sometimes it may be useful to try to get information about all file shares inside your domain that are hosted on domain\\nservers. 
In this case the following query can be useful:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-SmbSharesInfo -DomainController 'yourDCHostname'\\n\")), mdx(\"p\", null, \"When the AD connector receives the query above, it will try to connect to your domain controller (using credentials\\nstored inside your managed system configuration) and pull all computers registered in AD. Having that list, the AD\\nconnector will try (using multithreading) to connect to each of them to collect information about file shares.\"), mdx(\"p\", null, mdx(\"em\", {\n    parentName: \"p\"\n  }, \"Getting permissions\"), \". To identify whether the connector needs to collect permissions (who has which type of access for the\\nfile shares), the connector relies on the list of requested attributes from OpenIAM. The list of such attributes is set\\nin the 'Attribute names lookup' parameter of the OpenIAM synchronization configuration page. If this list contains the\\n'Permissions' attribute, the connector will try to pull permissions for each file share that was found. If this attribute\\nis not listed, the connector will skip this operation.\"), mdx(\"h2\", null, \"Incremental sync of users or groups\"), mdx(\"p\", null, \"When you run incremental sync, OpenIAM relies on the time of last user/group modification in AD. Each user or group in\\nAD has a property that is updated each time the object is modified. In the PowerShell connector you can use the 'Modified'\\nproperty to address that value.\"), mdx(\"p\", null, \"When you run synchronization, you can use the following query to get objects that are modified later than a certain\\ndate:\"), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Get-AdGroup -Filter \\\"Modified -gt '$((Get-Date '?').ToUniversalTime())'\\\"\\n\")), mdx(\"p\", null, \"In this example OpenIAM will replace '?' 
with a real value during runtime and send a modified string to the connector.\"), mdx(\"p\", null, \"Additionally, OpenIAM should send information about the time format that it should receive from connector. We need this\\nbecause OpenIAM and the connector run on different platforms and need agrement about how to treat DateTime strings. The\\nformat should be sent in request metadata and the parameter name should be 'DateTimeStringFormat'. You can use following\\nformat:\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"783px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.1/static/bc5739bcbba7221e43401cce8b72c9a6/e51a6/4-adpowershell-02-dateformat.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"35.521235521235525%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAHCAYAAAAIy204AAAACXBIWXMAAB2HAAAdhwGP5fFlAAABDklEQVQoz5WRzU7EIBhF+/A+kHFjfBDjxmTidNppoR1aOuWnQI+BMbrRTFycAOFyw3dv5VxgVhOnY8O57ZBCInqB7AXLvJBiIoZ4l7AF9rRTWRvKYdErV73i3QY7hSzIhvcg7ZBi2VfWBYLfUKNCTxpr3L/w1qG14dAt7OnL0FmH7CVqnDCrLaxX8yffmjWbepQ2vB0n9hipnI/M00xTnzg3LRc5llFzhvWxpm0aRNcX6o+a9tQUfY5EXwaawzvb1eR8biM7FzHLFdEJpBgQZ8EoxvLrzW9458uaixv6gbEfGTrBMHns6xP+5YH+8RmjVImysjaX8BN+KSL8Hn6+u5HyE5JbSFqyKU0KsbT8CarEHPOI6CJFAAAAAElFTkSuQmCC')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n 
 \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"DateTime format requested from AD connector\",\n    \"title\": \"DateTime format requested from AD connector\",\n    \"src\": \"/docs-2026.5.1/static/bc5739bcbba7221e43401cce8b72c9a6/e51a6/4-adpowershell-02-dateformat.png\",\n    \"srcSet\": [\"/docs-2026.5.1/static/bc5739bcbba7221e43401cce8b72c9a6/a2ead/4-adpowershell-02-dateformat.png 259w\", \"/docs-2026.5.1/static/bc5739bcbba7221e43401cce8b72c9a6/6b9fd/4-adpowershell-02-dateformat.png 518w\", \"/docs-2026.5.1/static/bc5739bcbba7221e43401cce8b72c9a6/e51a6/4-adpowershell-02-dateformat.png 783w\"],\n    \"sizes\": \"(max-width: 783px) 100vw, 783px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"The above setting could be changed in the configuration of your Managed System.\"), mdx(\"h2\", null, \"Urgent queues\"), mdx(\"p\", null, \"A connector is responsible for transferring data between systems, between AD and OpenIAM in this case. If some messages require immediate processing, an urgent queue can be implemented to prioritize them over regular traffic. 
To add connection, follow the steps below.\"), mdx(\"ol\", null, mdx(\"li\", {\n    parentName: \"ol\"\n  }, \"Open \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"Connector.config\"), \" file inside the connector folder on Windows machine and add a new record to \", mdx(\"inlineCode\", {\n    parentName: \"li\"\n  }, \"\\\"RabbbitMQQueues\\\"\"), \" array, as shown below.\")), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"964px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.1/static/71f34edce680a367b875cad04ed4a0ae/72aae/4-adpowershell-03-urgent-queue1.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"89.1891891891892%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": \"url('data:image/png;base64,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')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Urgent queue - Config file\",\n    \"title\": \"Urgent queue - Config file\",\n    \"src\": \"/docs-2026.5.1/static/71f34edce680a367b875cad04ed4a0ae/72aae/4-adpowershell-03-urgent-queue1.png\",\n    \"srcSet\": [\"/docs-2026.5.1/static/71f34edce680a367b875cad04ed4a0ae/a2ead/4-adpowershell-03-urgent-queue1.png 259w\", 
\"/docs-2026.5.1/static/71f34edce680a367b875cad04ed4a0ae/6b9fd/4-adpowershell-03-urgent-queue1.png 518w\", \"/docs-2026.5.1/static/71f34edce680a367b875cad04ed4a0ae/72aae/4-adpowershell-03-urgent-queue1.png 964w\"],\n    \"sizes\": \"(max-width: 964px) 100vw, 964px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"It is possible just to duplicate that record but append \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"'URGENT_'\"), \" to \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"*ReceiveQueue\"), \" and \", mdx(\"inlineCode\", {\n    parentName: \"p\"\n  }, \"*ResponseQueue\"), \" properties. So, configuration that supports urgent queues would look like one below.\"), mdx(\"p\", null, mdx(\"span\", {\n    parentName: \"p\",\n    \"className\": \"gatsby-resp-image-wrapper\",\n    \"style\": {\n      \"position\": \"relative\",\n      \"display\": \"block\",\n      \"marginLeft\": \"auto\",\n      \"marginRight\": \"auto\",\n      \"maxWidth\": \"1027px\"\n    }\n  }, \"\\n      \", mdx(\"a\", {\n    parentName: \"span\",\n    \"className\": \"gatsby-resp-image-link\",\n    \"href\": \"/docs-2026.5.1/static/48312dd3843d7ab14d7095f5f2d02aca/f2d92/4-adpowershell-03-urgent-queue2.png\",\n    \"style\": {\n      \"display\": \"block\"\n    },\n    \"target\": \"_blank\",\n    \"rel\": \"noopener\"\n  }, \"\\n    \", mdx(\"span\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-background-image\",\n    \"style\": {\n      \"paddingBottom\": \"80.3088803088803%\",\n      \"position\": \"relative\",\n      \"bottom\": \"0\",\n      \"left\": \"0\",\n      \"backgroundImage\": 
\"url('data:image/png;base64,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')\",\n      \"backgroundSize\": \"cover\",\n      \"display\": \"block\"\n    }\n  }), \"\\n  \", mdx(\"img\", {\n    parentName: \"a\",\n    \"className\": \"gatsby-resp-image-image\",\n    \"alt\": \"Urgent queue - Configuration example\",\n    \"title\": \"Urgent queue - Configuration example\",\n    \"src\": \"/docs-2026.5.1/static/48312dd3843d7ab14d7095f5f2d02aca/f2d92/4-adpowershell-03-urgent-queue2.png\",\n    \"srcSet\": [\"/docs-2026.5.1/static/48312dd3843d7ab14d7095f5f2d02aca/a2ead/4-adpowershell-03-urgent-queue2.png 259w\", \"/docs-2026.5.1/static/48312dd3843d7ab14d7095f5f2d02aca/6b9fd/4-adpowershell-03-urgent-queue2.png 518w\", \"/docs-2026.5.1/static/48312dd3843d7ab14d7095f5f2d02aca/f2d92/4-adpowershell-03-urgent-queue2.png 1027w\"],\n    \"sizes\": \"(max-width: 1027px) 100vw, 1027px\",\n    \"style\": {\n      \"width\": \"100%\",\n      \"height\": \"100%\",\n      \"margin\": \"0\",\n      \"verticalAlign\": \"middle\",\n      \"position\": \"absolute\",\n      \"top\": \"0\",\n      \"left\": \"0\"\n    },\n    \"loading\": \"lazy\",\n    \"decoding\": \"async\"\n  }), \"\\n  \"), \"\\n    \")), mdx(\"p\", null, \"concurrency values could be changed as needed for normal and the urgent queue separately. \"), mdx(\"h1\", null, \"Connector Troubleshooting and Tips\"), mdx(\"p\", null, \"Connector troubleshooting is covered in the document that describes all .NET/PowerShell connector\\nusage: \", mdx(Link, {\n    to: \"/connectorconfig/microsoft/2-powershellconnectorsusage\",\n    mdxType: \"Link\"\n  }, \"PowerShell connector usage\"), \".\\nTroubleshooting steps are the same for all connectors of this type. 
Following information is specific for this\\nconnector.\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"It is always better to specify the DNS hostname of your domain controller on the Managed System configuration page\\nespecially when the connector server is the member of a domain. Specifying an IP address may lead to non-obvious\\nerrors.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Port 9389 should be opened on the domain controller side so the connector could reach it. It should be opened almost\\nin all cases.\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Sometimes it is useful to try a connection to AD in the same way as the AD connector does to make sure that the AD\\nconnector would work. You may run a tiny script to validate connection:\")), mdx(\"pre\", null, mdx(\"code\", {\n    parentName: \"pre\",\n    \"className\": \"language-PowerShell\"\n  }, \"Import-Module ActiveDirectory\\n$dc = 'YOUR_DOMAIN_CONTROLLER_HOSTNAME'\\n$ADcred = Get-Credential\\n\\n\\nNew-PSDrive -PSProvider ActiveDirectory -Server $dc -Credential $ADcred -Root \\\"\\\" -Name IamADDrv -FormatType Canonical\\nif((Test-Path IamADDrv:) -eq $false)\\n{\\n    throw \\\"Unable to connect to AD\\\"\\n}\\nSet-Location IamADDrv:\\n\")), mdx(\"h2\", null, \"Possible errors\"), mdx(\"p\", null, \"Errors in the table below are captured thanks to feedback from our customers. 
These have been the ones most frequently\\nreported.\"), mdx(\"table\", null, mdx(\"thead\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"thead\"\n  }, mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Error\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Possible cause\"), mdx(\"th\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"How to fix\"))), mdx(\"tbody\", {\n    parentName: \"table\"\n  }, mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Cannot find newly created user X for further operations\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"This is a top stack trace error indicating that the connector cannot process request due to error that occurred earlier. However, other information is not usually taken into account when such messages appear on the top.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Read full error message, as it should contain exact reason why the connector failed to create an object.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Script that was specified for execution does not exist - xxx\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"This message appears in logs if one specifies 'Add/Modify' (or other operations) Object Rules parameter inside the OpenIAM Managed System configuration. That section allows users to have custom scripts that handle exact operations. However, by default the connector uses the default Connector.ps1 script that is located inside the connector folder. 
So, if you have that value specified, you need to make sure that there is a custom handler present inside the connector folder.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Either remove the value and set it to empty which will make the connector work with the default script, or make sure that the custom connector script exists.\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"X : The name provided is not a properly formed account name\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"You are trying to create an object (where X is an object type), but trying to set samaccountname more than 20 symbols which is not compatible.\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Try setting samaccountname to have less than 20 symbols. Check/fix provisioning groovy script at policy map for samaccountname attribute\")), mdx(\"tr\", {\n    parentName: \"tbody\"\n  }, mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Cannot process argument transformation on parameter 'Credential'. 
A command that alerts the user failed because the host program or the command type does not support user interaction\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"This error occurs if you try to run sync but have not specified the password inside the Managed System configuration\"), mdx(\"td\", {\n    parentName: \"tr\",\n    \"align\": \"left\"\n  }, \"Set password in the Managed System configuration\")))));\n}\n;\nMDXContent.isMDXComponent = true;","tableOfContents":{"items":[{"url":"#installation-and-connection-to-openiam","title":"Installation and connection to OpenIAM"},{"url":"#general-usage","title":"General usage"},{"url":"#provisioning-identities","title":"Provisioning identities","items":[{"url":"#user-provisioning","title":"User provisioning"},{"url":"#group-provisioning","title":"Group provisioning","items":[{"url":"#openiam-configuration","title":"OpenIAM configuration"}]},{"url":"#computer-provisioning","title":"Computer provisioning"},{"url":"#fileshares-provisioning","title":"FileShares provisioning"}]},{"url":"#synchronization","title":"Synchronization","items":[{"url":"#synchronizing-ad-users","title":"Synchronizing AD users","items":[{"url":"#general-query-execution-logic","title":"General query execution logic"},{"url":"#returned-attributes","title":"Returned attributes"},{"url":"#query-syntax","title":"Query syntax"},{"url":"#synchronizing-ad-group-memberships","title":"Synchronizing AD group memberships"},{"url":"#openiam-configuration-for-ad-user-sync","title":"OpenIAM configuration for AD user sync."}]},{"url":"#synchronizing-ad-groups","title":"Synchronizing AD groups","items":[{"url":"#attributes-that-are-returned-by-ad-group-sync","title":"Attributes that are returned by AD Group sync"},{"url":"#openiam-configuration-for-ad-group-sync","title":"OpenIAM configuration for AD group sync."}]},{"url":"#synchronizing-ad-file-shares","title":"Synchronizing AD File 
shares"},{"url":"#incremental-sync-of-users-or-groups","title":"Incremental sync of users or groups"},{"url":"#urgent-queues","title":"Urgent queues"}]},{"url":"#connector-troubleshooting-and-tips","title":"Connector Troubleshooting and Tips","items":[{"url":"#possible-errors","title":"Possible errors"}]}]},"parent":{"relativePath":"connectorconfig/microsoft/4-adpowershell.md"},"frontmatter":{"metaTitle":"OpenIAM Active Directory PowerShell connector","metaDescription":"This page describes how to use OpenIAM Active directory connector"}},"allMdx":{"edges":[{"node":{"fields":{"slug":"/admin","title":"Administration guide"}}},{"node":{"fields":{"slug":"/appendix","title":"Appendix"}}},{"node":{"fields":{"slug":"/changelog","title":"Change log"}}},{"node":{"fields":{"slug":"/connectorconfig","title":"IdM Connectors"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice","title":"End user guide for SelfService portal"}}},{"node":{"fields":{"slug":"/ssocatalog","title":"SSO Catalog"}}},{"node":{"fields":{"slug":"/getting-started","title":"Getting Started"}}},{"node":{"fields":{"slug":"/troubleshooting","title":"FAQ / Troubleshooting"}}},{"node":{"fields":{"slug":"/developerguide","title":"Developer Guide"}}},{"node":{"fields":{"slug":"/whatsnew","title":"What's new in OpenIAM"}}},{"node":{"fields":{"slug":"/installation","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/admin/0-login","title":"Logging in to the admin portal"}}},{"node":{"fields":{"slug":"/admin/1-exportimport","title":"Import / Export"}}},{"node":{"fields":{"slug":"/","title":"Welcome to the OpenIAM Documentation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin","title":"User administration"}}},{"node":{"fields":{"slug":"/admin/10-consent-management","title":"Consent management"}}},{"node":{"fields":{"slug":"/admin/10-password","title":"Password 
policy"}}},{"node":{"fields":{"slug":"/admin/12-administration","title":"Administration"}}},{"node":{"fields":{"slug":"/admin/13-selfregistration","title":"Self-registration"}}},{"node":{"fields":{"slug":"/admin/15-audit","title":"Audit"}}},{"node":{"fields":{"slug":"/admin/14-Help.Desk.User.Profile.Protection","title":"HelpDesk profile protection"}}},{"node":{"fields":{"slug":"/admin/18-services-passwd-change-k8","title":"Password update for OpenIAM services in Kubernetes"}}},{"node":{"fields":{"slug":"/admin/2-authentication","title":"Authentication"}}},{"node":{"fields":{"slug":"/admin/20-virtual-tentant-by-org","title":"Enabling a virtual tenant by organization"}}},{"node":{"fields":{"slug":"/admin/21-graph-rebuild","title":"Rebuilding OpenIAM's in-memory authorization graph"}}},{"node":{"fields":{"slug":"/admin/3-authz","title":"Managing access"}}},{"node":{"fields":{"slug":"/admin/22-token-session-util","title":"Session management utility for RPM"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/admin/16-admin-pswd-change","title":"Password reset for administrator's account"}}},{"node":{"fields":{"slug":"/admin/19-reports","title":"OpenIAM report services"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov","title":"Requests / Approval"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle","title":"Automated provisioning"}}},{"node":{"fields":{"slug":"/admin/8-sso","title":"Federation / SSO to applications"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy","title":"Access gateway"}}},{"node":{"fields":{"slug":"/appendix/1-self-signedcert","title":"Generate Self-signed Cert"}}},{"node":{"fields":{"slug":"/admin/7-access-cert","title":"User access review"}}},{"node":{"fields":{"slug":"/appendix/2-openssl","title":"Install OpenSSL"}}},{"node":{"fields":{"slug":"/appendix/4-prepforprod","title":"Prepare for Production"}}},{"node":{"fields":{"slug":"/changelog/12-Release-4.2.1.6","title":"Release 
4.2.1.6"}}},{"node":{"fields":{"slug":"/changelog/13-Release-4.2.1.7","title":"Release 4.2.1.7"}}},{"node":{"fields":{"slug":"/changelog/14-Release-4.2.1.8","title":"Release 4.2.1.8"}}},{"node":{"fields":{"slug":"/changelog/11-Release-4.2.1.5","title":"Release 4.2.1.5"}}},{"node":{"fields":{"slug":"/changelog/15-Release-4.2.1.9","title":"Release 4.2.1.9"}}},{"node":{"fields":{"slug":"/appendix/3-installopenldap","title":"Install OpenLDAP on Ubuntu"}}},{"node":{"fields":{"slug":"/changelog/18-Release-4.2.1.12","title":"Release 4.2.1.12"}}},{"node":{"fields":{"slug":"/changelog/16-Release-4.2.1.10","title":"Release 4.2.1.10"}}},{"node":{"fields":{"slug":"/changelog/17-Release-4.2.1.11","title":"Release 4.2.1.11"}}},{"node":{"fields":{"slug":"/changelog/20-Release-4.2.1.14","title":"Release 4.2.1.14"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.1.15","title":"Release 4.2.1.15"}}},{"node":{"fields":{"slug":"/changelog/22-v2026.1.1","title":"Changelog for v2026.1.1"}}},{"node":{"fields":{"slug":"/connectorconfig/2-configparam","title":"Connector parameters"}}},{"node":{"fields":{"slug":"/connectorconfig/4-troubleshootingconnector","title":"Provisioning operations troubleshooting"}}},{"node":{"fields":{"slug":"/connectorconfig/JDBC","title":"JDBC connector"}}},{"node":{"fields":{"slug":"/connectorconfig/LDAP","title":"LDAP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/SAPUME","title":"SAP UME connector"}}},{"node":{"fields":{"slug":"/connectorconfig/adp","title":"ADP connector"}}},{"node":{"fields":{"slug":"/connectorconfig/aerospike","title":"Aerospike connector"}}},{"node":{"fields":{"slug":"/changelog/19-Release-4.2.1.13","title":"Release 4.2.1.13"}}},{"node":{"fields":{"slug":"/connectorconfig/linux","title":"Linux connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft","title":"Microsoft Application Connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/aws","title":"AWS 
connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracle","title":"Oracle RDBMS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/oracleebs","title":"Oracle EBS connector"}}},{"node":{"fields":{"slug":"/connectorconfig/postgresql","title":"PostgreSQL connector"}}},{"node":{"fields":{"slug":"/connectorconfig/rexx","title":"Rexx connector"}}},{"node":{"fields":{"slug":"/connectorconfig/gsuite","title":"GSuite connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scim","title":"SCIM connector"}}},{"node":{"fields":{"slug":"/connectorconfig/sap","title":"SAP S/4 Hana connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector","title":"Groovy Script connector"}}},{"node":{"fields":{"slug":"/connectorconfig/tableau","title":"Tableau connector"}}},{"node":{"fields":{"slug":"/developerguide/10-OpenIAM-opensource-rep","title":"OpenIAM open source repository"}}},{"node":{"fields":{"slug":"/connectorconfig/workday","title":"Workday connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css","title":"Customizing branding"}}},{"node":{"fields":{"slug":"/developerguide/3-whitelisting","title":"Whitelisting packages"}}},{"node":{"fields":{"slug":"/developerguide/4-scheduledtasks","title":"Batch/Scheduled tasks"}}},{"node":{"fields":{"slug":"/connectorconfig/freeIPA","title":"FreeIPA connector"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel","title":"Data model"}}},{"node":{"fields":{"slug":"/developerguide/2-api","title":"RESTful API"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization","title":"Synchronization Scripts"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/1-login","title":"Logging in to SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice","title":"Operations via SelfService portal"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess","title":"User access 
rights"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest","title":"Request management"}}},{"node":{"fields":{"slug":"/getting-started/1-what_is_openiam","title":"What is OpenIAM?"}}},{"node":{"fields":{"slug":"/getting-started/2-productarchitecture","title":"Platform architecture"}}},{"node":{"fields":{"slug":"/getting-started/3-install_openiam","title":"Installing OpenIAM"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/6-singlesignon","title":"Single sign-on"}}},{"node":{"fields":{"slug":"/getting-started/21-concepts","title":"Concepts"}}},{"node":{"fields":{"slug":"/getting-started/5-connecting","title":"Connecting to an authoritative source"}}},{"node":{"fields":{"slug":"/developerguide/6-ide","title":"Script development using an IDE"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding","title":"Application onboarding"}}},{"node":{"fields":{"slug":"/getting-started/7-selfservice-pswd","title":"SelfService password reset"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce","title":"Discovery questions"}}},{"node":{"fields":{"slug":"/getting-started/9-openiam-as-IdP","title":"Integrating OpenIAM as your IdP"}}},{"node":{"fields":{"slug":"/getting-started/8-openiam-with-IdP","title":"Integrating OpenIAM with your IdP"}}},{"node":{"fields":{"slug":"/getting-started/99-multifactor-authentication","title":"Configuring multi-factor authentication"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning","title":"Automated user provisioning"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation","title":"Deploying via RPM on Linux"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation","title":"Deploying to Kubernetes"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation","title":"Deploying on OpenShift"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation","title":"Deploying via 
Docker"}}},{"node":{"fields":{"slug":"/installation/8-sizing","title":"Sizing recommendations"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous","title":"Miscellaneous related articles"}}},{"node":{"fields":{"slug":"/ssocatalog/AWS","title":"AWS SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Gsuite","title":"GSuite SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Freshdesk","title":"Freshdesk SSO"}}},{"node":{"fields":{"slug":"/installation/9-data_migration","title":"OpenIAM data migration"}}},{"node":{"fields":{"slug":"/ssocatalog/Azure","title":"Azure SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Office365","title":"Office365 SSO"}}},{"node":{"fields":{"slug":"/ssocatalog/Salesforce","title":"Salesforce.com"}}},{"node":{"fields":{"slug":"/ssocatalog/okta","title":"Okta SSO"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster","title":"Cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors","title":"Connectors"}}},{"node":{"fields":{"slug":"/troubleshooting/docker","title":"Docker Swarm"}}},{"node":{"fields":{"slug":"/troubleshooting/environment","title":"Environment"}}},{"node":{"fields":{"slug":"/troubleshooting/operational","title":"Operational"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm","title":"RPM"}}},{"node":{"fields":{"slug":"/whatsnew/10-v4218","title":"New in v4.2.1.8"}}},{"node":{"fields":{"slug":"/whatsnew/1-v420","title":"New in v4.2.0.0"}}},{"node":{"fields":{"slug":"/whatsnew/12-v42110","title":"New in v4.2.1.10"}}},{"node":{"fields":{"slug":"/whatsnew/11-v4219","title":"New in v4.2.1.9"}}},{"node":{"fields":{"slug":"/whatsnew/16-v42115","title":"New in v4.2.1.15"}}},{"node":{"fields":{"slug":"/troubleshooting/v3_update","title":"Update from V3.X to V4.X"}}},{"node":{"fields":{"slug":"/whatsnew/15-v42113","title":"New in v4.2.1.13"}}},{"node":{"fields":{"slug":"/whatsnew/16-v422","title":"New in v4.2.2"}}},{"node":{"fields":{"slug":"/whatsnew/17-v2026.1.1","title":"New in 
v2026.1.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.2.1","title":"New in v2026.2.1"}}},{"node":{"fields":{"slug":"/whatsnew/18-v2026.3.1","title":"New in v2026.3.1"}}},{"node":{"fields":{"slug":"/whatsnew/19-v2026.3.2","title":"New in v2026.3.2"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.4.1","title":"New in v2026.4.1"}}},{"node":{"fields":{"slug":"/whatsnew/21-v2026.4.2","title":"New in v2026.4.2"}}},{"node":{"fields":{"slug":"/whatsnew/7-v4215","title":"New in v4.2.1.5"}}},{"node":{"fields":{"slug":"/whatsnew/8-v4216","title":"New in v4.2.1.6"}}},{"node":{"fields":{"slug":"/whatsnew/13-v42111","title":"New in v4.2.1.11"}}},{"node":{"fields":{"slug":"/whatsnew/22-v2026.5.1","title":"New in v2026.5.1"}}},{"node":{"fields":{"slug":"/connectorconfig/salesforce","title":"Salesforce.com connector"}}},{"node":{"fields":{"slug":"/admin/17-services-manual-passwd-change","title":"Manual password update for OpenIAM services in RPM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/10-bulkoperations","title":"Bulk operations"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/1-createuser","title":"Creating a user"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/11-bulkentitlements","title":"Bulk operations with entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/12-externaldelegation","title":"Organization level delegation"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/13-unlock-account","title":"Unlocking an account"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/14-add-remove-entitlements","title":"Adding/Removing entitlements"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/16-user-conversion","title":"User conversion"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/18-creating-new-dept-division","title":"Creating a new department or division"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/17-newhireworkflow","title":"New hire workflow configuration"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/2-usertypes","title":"Custom user 
types"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/15-rehireuserflow","title":"Rehire user flow"}}},{"node":{"fields":{"slug":"/whatsnew/14-v42112","title":"New in v4.2.1.12"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/6-relatedAccount","title":"Related accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/5-finduser","title":"User search"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/8-serviceaccounts","title":"Service accounts"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/9-orphanmanagement","title":"Orphan management"}}},{"node":{"fields":{"slug":"/whatsnew/9-v4217","title":"New in v4.2.1.7"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/7-customfields","title":"Custom fields"}}},{"node":{"fields":{"slug":"/admin/10-password/1-pswd-compromised","title":"Password breach detection"}}},{"node":{"fields":{"slug":"/admin/12-administration/3-squence-generator","title":"Sequence generators"}}},{"node":{"fields":{"slug":"/admin/12-administration/5-links","title":"External links on login page"}}},{"node":{"fields":{"slug":"/admin/12-administration/6-languages","title":"Managing languages"}}},{"node":{"fields":{"slug":"/admin/12-administration/7-reconciliationhistory","title":"Reconciliation history"}}},{"node":{"fields":{"slug":"/admin/12-administration/8-aboutopenIAM-page","title":"About OpenIAM Page"}}},{"node":{"fields":{"slug":"/admin/12-administration/99-heartbeat","title":"Heartbeat links"}}},{"node":{"fields":{"slug":"/admin/12-administration/9-reindex_elasticsearch","title":"Reindex Opensearch"}}},{"node":{"fields":{"slug":"/admin/15-audit/2-audit-log-export-connector","title":"Audit log export connector"}}},{"node":{"fields":{"slug":"/admin/15-audit/1-audit-events-interpret","title":"Audit events interpretation"}}},{"node":{"fields":{"slug":"/admin/2-authentication/1-auth-overview","title":"Configuring authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/10-fidologin","title":"FIDO-2 
authentication"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/3-adminoperations","title":"Administrative actions on a User"}}},{"node":{"fields":{"slug":"/admin/2-authentication/11-credentialprovider","title":"Credential provider"}}},{"node":{"fields":{"slug":"/admin/2-authentication/14-duo-auth","title":"Duo authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/13-criiptoauth","title":"Criipto authentication"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration","title":"Configuring page templates"}}},{"node":{"fields":{"slug":"/admin/2-authentication/16-external-multiselect-auth","title":"External/multiselect authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/15-modernauth","title":"Microsoft Modern authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-auth-policy","title":"Authentication policy"}}},{"node":{"fields":{"slug":"/admin/2-authentication/21-dashboards","title":"Monitoring dashboards"}}},{"node":{"fields":{"slug":"/admin/2-authentication/2-delegatedauth","title":"Managed System authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/3-passwordauth","title":"Password-based authentication"}}},{"node":{"fields":{"slug":"/admin/2-authentication/7-otp","title":"OTP over SMS or E-mail"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social","title":"Social authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/1-overview","title":"Introduction to access control"}}},{"node":{"fields":{"slug":"/admin/2-authentication/9-adaptiveauth","title":"Adaptive authentication"}}},{"node":{"fields":{"slug":"/admin/3-authz/10-accessright","title":"Access rights"}}},{"node":{"fields":{"slug":"/admin/3-authz/11-contentprovider","title":"Content provider"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus","title":"Menus"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-conflict-groups","title":"Conflict 
Groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles","title":"Managing roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups","title":"Managing groups"}}},{"node":{"fields":{"slug":"/admin/3-authz/4-types","title":"Metadata types"}}},{"node":{"fields":{"slug":"/admin/3-authz/5-resources","title":"Managing resources"}}},{"node":{"fields":{"slug":"/admin/3-authz/8-accesstossoapps","title":"Access to SSO applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-account-unlock","title":"Setting up account unlock"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/1-Automated-applications","title":"Connected applications"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications","title":"Manual applications"}}},{"node":{"fields":{"slug":"/admin/2-authentication/12-certificateauth","title":"Configuring certificate-based authentication"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/10-managedsystemsimulation","title":"Managed system simulation mode"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/12-LDAP-managedsys-config","title":"LDAP Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config","title":"Configure Provisioning"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/2-incrementalsynch","title":"Incremental synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/1-synch","title":"Configuring synchronization"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/3-recon","title":"Configure reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/4-birthright","title":"Birthright access"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/6-managedsystem-config","title":"Managed system configuration"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/5-recon-groovy","title":"Groovy Scripts for Reconciliation"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/9-importorganization","title":"Import 
Organizations"}}},{"node":{"fields":{"slug":"/admin/3-authz/9-approvalflow","title":"Configuring approval workflows"}}},{"node":{"fields":{"slug":"/admin/3-authz/6-organization","title":"Managing organizations"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/8-importentitlements","title":"Import entitlements"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/2-approval-flow","title":"Approval flow"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/4-post-request","title":"After request has been approved"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/5-approve-by-email","title":"Approving requests via Email"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/3-manualTasks","title":"Manual tasks"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/1-entitlmentcert","title":"Entitlement based certification"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/7-questionnaire","title":"Questionnaire"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/10-mitigation-controls","title":"Mitigation controls for SoD"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-event-driven-cert","title":"Risk event driven certification"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-risk-factor-config","title":"Risk factors configuration"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/2-usercert","title":"User based review"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/3-certification-reporting","title":"Certification reporting"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/5-delete-campaign","title":"Deleting an access certification campaign"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/4-membership-tags","title":"Membership tags"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/6-campaign-database","title":"Access certification campaigns as database objects"}}},{"node":{"fields":{"slug":"/admin/6-requestapprov/1-application-category","title":"Application 
categories"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/8-multiple-reviwer-campaigns","title":"Multi-reviewer user access review campaigns"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/9-segregation-of-duties","title":"Segregation of Duties (SoD) policies"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml","title":"Add SAML SP to OpenIAM"}}},{"node":{"fields":{"slug":"/admin/7-access-cert/7-expiration-policy","title":"Expiration policy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/1-formfill","title":"Form Fill"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/2-headerinj","title":"Header Injection"}}},{"node":{"fields":{"slug":"/admin/8-sso/5-auth_scopes","title":"OpenIAM oAuth scopes"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/3-urlrewriting","title":"URL Rewriting"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/6-example","title":"Examples"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/8-kerberos","title":"Setting up Kerberos via rProxy"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/7-rProxy-loadbalancer","title":"Reverse Proxy with Load Balancer"}}},{"node":{"fields":{"slug":"/admin/9-r-Proxy/9-directive-reference","title":"mod_openiam Directive Reference"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2","title":"oAuth 2.0"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal","title":"WinLocal OpenIAM connector"}}},{"node":{"fields":{"slug":"/admin/8-sso/3-oidc","title":"OpenID Connect"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/1-powershellconnectorinstallation","title":"Installing PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-dynamics365FO","title":"Dynamics365 Finance&Operations connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/12-WindowsPasswordFilter","title":"AD Password Filter"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/13-successfactors","title":"SuccessFactors 
connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/14-psgraph","title":"Microsoft Graph PowerShell connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/15-powershell-generic","title":"Building a custom PowerShell connector for OpenIAM"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management","title":"Mail management"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig","title":"System configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/4-otpconfig","title":"Configure OTP Provider"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/16-teams","title":"Microsoft Teams connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/3-powershellconnectorupdate","title":"Updating PowerShell connectors"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/5-azuread","title":"Entra ID/O365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/7-azuredevops","title":"Azure DevOps connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/8-dynamics365","title":"Dynamics365 connector"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/9-sqlserver","title":"Microsoft SQL Server connector"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/connector-request-template","title":"OpenIAM connector request template"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/1-customcss","title":"Creating custom CSS"}}},{"node":{"fields":{"slug":"/connectorconfig/scriptConnector/GroovyScriptConnector","title":"Configuring Groovy Script connector"}}},{"node":{"fields":{"slug":"/developerguide/1-custom-css/2-cssexamples","title":"CSS file examples"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/6-exchange","title":"Exchange connector"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman","title":"Getting started with Postman"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/2-powershellconnectorsusage","title":"Using 
PowerShell connectors"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python","title":"Getting started with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java","title":"Getting started with Java"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/2-access-certification-reminder","title":"Notification reminders for approvers"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/1-usermodel","title":"User data model"}}},{"node":{"fields":{"slug":"/developerguide/5-datamodel/2-rbacmodel","title":"Access control model"}}},{"node":{"fields":{"slug":"/developerguide/8-api/approver-association","title":"/webconsole - approver-association"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-right","title":"/webconsole - access-right"}}},{"node":{"fields":{"slug":"/developerguide/8-api/audit-log","title":"/webconsole - audit-log"}}},{"node":{"fields":{"slug":"/developerguide/8-api/auth-provider","title":"/webconsole - auth-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/authentication-grouping","title":"/webconsole - authentication-grouping"}}},{"node":{"fields":{"slug":"/developerguide/8-api/challenge-response","title":"/webconsole - challenge-response"}}},{"node":{"fields":{"slug":"/developerguide/8-api/batch","title":"/webconsole - batch"}}},{"node":{"fields":{"slug":"/developerguide/8-api/connector","title":"/webconsole - connector"}}},{"node":{"fields":{"slug":"/developerguide/8-api/content-provider","title":"/webconsole - content-provider"}}},{"node":{"fields":{"slug":"/developerguide/8-api/email","title":"/webconsole - email"}}},{"node":{"fields":{"slug":"/developerguide/8-api/elastic-search","title":"/webconsole - elastic-search"}}},{"node":{"fields":{"slug":"/developerguide/8-api/field","title":"/webconsole - field"}}},{"node":{"fields":{"slug":"/developerguide/8-api/groovy-manager","title":"/webconsole - groovy-manager"}}},{"node":{"fields":{"slug":"/developerguide/8-api/group","title":"/webconsole - 
group"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-oauth","title":"/idp - idp-oauth"}}},{"node":{"fields":{"slug":"/developerguide/4-sheduledtasks/1-provision-on-date","title":"Provision/Deprovision on date"}}},{"node":{"fields":{"slug":"/developerguide/8-api/managed-system","title":"/webconsole - managed-system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/menu","title":"/webconsole - menu"}}},{"node":{"fields":{"slug":"/developerguide/8-api/metadata","title":"/webconsole - metadata"}}},{"node":{"fields":{"slug":"/whatsnew/20-v2026.3.3","title":"New in 2026.3.3"}}},{"node":{"fields":{"slug":"/developerguide/8-api/oauth","title":"/webconsole - oauth"}}},{"node":{"fields":{"slug":"/developerguide/8-api/it-policy","title":"/webconsole - it-policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization-type","title":"/webconsole - organization-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/idp-rest","title":"/idp - idp-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/page-template","title":"/webconsole - page-template"}}},{"node":{"fields":{"slug":"/developerguide/8-api/organization","title":"/webconsole - organization"}}},{"node":{"fields":{"slug":"/developerguide/8-api/property-value","title":"/webconsole - property-value"}}},{"node":{"fields":{"slug":"/developerguide/8-api/report","title":"/webconsole - report"}}},{"node":{"fields":{"slug":"/developerguide/8-api/policy","title":"/webconsole - policy"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource-type","title":"/webconsole - resource-type"}}},{"node":{"fields":{"slug":"/developerguide/8-api/resource","title":"/webconsole - resource"}}},{"node":{"fields":{"slug":"/developerguide/8-api/role","title":"/webconsole - role"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-config","title":"/webconsole - sync-config"}}},{"node":{"fields":{"slug":"/developerguide/8-api/ui-theme","title":"/webconsole - 
ui-theme"}}},{"node":{"fields":{"slug":"/developerguide/8-api/sync-rest","title":"/webconsole - sync-rest"}}},{"node":{"fields":{"slug":"/developerguide/8-api/system","title":"/webconsole - system"}}},{"node":{"fields":{"slug":"/developerguide/8-api/uri-pattern","title":"/webconsole - uri-pattern"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov","title":"Automated provisioning Scripts"}}},{"node":{"fields":{"slug":"/developerguide/8-api/user","title":"/webconsole - user"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import","title":"Import from application"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/3-importing_groups","title":"Importing groups from application"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/1-forgotpassword","title":"Forgot password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/3-changepassword","title":"Updating your password"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/4-outofoffice","title":"Out of office assistant"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/2-updateprofile","title":"Updating user profile"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/4-relations-with-manager","title":"Populating a manager"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/5-forgotusername","title":"Forgot username"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/2-selfservice/6-updatesecquestions","title":"Updating security questions"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/1-servicecatalog","title":"Requesting access via catalog"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/10-positionchange","title":"Position change request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/11-accessprofiles","title":"Access 
profiles"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/12-bulkupload","title":"Uploading users in bulk"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/5-approverequest","title":"Approving requests"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/2-jobprofile","title":"Requesting access from profile"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/6-requestadministration","title":"Request administration"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/7-requesthistory","title":"Requests history"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/9-newuser","title":"Creating a new user"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/1-viewmyaccess","title":"View my access"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/4-createrequest/8-newgroup","title":"Creating a group request"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/2-directreports","title":"View direct reports"}}},{"node":{"fields":{"slug":"/end-user-guide-for-selfservice/7-useraccess/3-UAR-in-Self-Service","title":"User access review module in SelfService"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/1-designrole","title":"Designing business roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/2-openiam-access-role","title":"Designing access roles"}}},{"node":{"fields":{"slug":"/getting-started/31-planning-workforce/3-connector-planning","title":"Connector requirements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect","title":"Deploying and registering connectors"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements","title":"Importing 
entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements","title":"Importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/1-jml","title":"Joiners, movers, leavers processes"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial","title":"Automated provisioning tutorial"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode","title":"Single VM Install"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/10-ha-rpm","title":"High availability (HA) deployment using RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/11-configuration-options","title":"Configuration options in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/2-rproxy","title":"r-Proxy installation in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/12-migrating-onpremises-to-cloud","title":"Migrating OpenIAM from on-premises installation to a cloud-based infrastructure"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports","title":"Deployment architecture in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/4-backup","title":"RPM backup / recovery"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading","title":"Upgrading OpenIAM in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB","title":"Installing OpenIAM with a remote database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/8-ssl","title":"Configuring HTTPS in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-migrating-non-production-to-production-environment","title":"Migrating non-production to production environment in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/1-https","title":"Configuring HTTPS on 
Docker"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/9-rabbitssl","title":"Enable TLS for RabbitMQ in RPM"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading","title":"Upgrading OpenIAM in Docker environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/4-YAML-files","title":"Docker YAML files"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/5-docker-swarm-backup","title":"Backup / restore in Docker Swarm"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/2-Configuration-options","title":"Configuration options in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/6-externalDB","title":"Installing OpenIAM with a remote database in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/1-ssl","title":"Configuring HTTPS in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/10-backup-and-restoration","title":"Backup and restoration procedure in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/11-common-scenario","title":"Installing OpenIAM in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/12-vault-migration-fromRPM-toK8","title":"Migration of Vault from RPM-based cluster to Kubernetes-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/2-deployment-with-terraform","title":"Deploying OpenIAM with Terraform"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/3-depl-without-terraform","title":"Deploying OpenIAM on Kubernetes using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/4-RabbitMQ-TLS","title":"RabbitMQ TLS directory in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading","title":"Upgrading OpenIAM in Kubernetes 
environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/7-useal-keys-restoration","title":"Backing up and restoring the vault unseal keys in Kubernetes"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms","title":"Kubernetes Platforms"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/9-remoteDB","title":"Installing OpenIAM with a remote database in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/1-create-cluster","title":"Creating an OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/8-AKS_with_ext_MSSQL","title":"Deploying OpenIAM on AKS (Kubernetes) with an external MSSQL database"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/2-connect-to-cluster","title":"Connect to OpenShift cluster on Azure"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/4-some-descriptions-helm","title":"Memory requirements for OpenShift deployment with Helm"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/5-localhost-dev-cluster","title":"Localhost development cluster"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/6-deploy-from-windows","title":"Deploy OpenIAM to OpenShift cluster with Helm (from Windows)"}}},{"node":{"fields":{"slug":"/installation/8-sizing/2-medium-k8","title":"Medium Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/8-sizing/1-small-k8","title":"Small Enterprise - K8"}}},{"node":{"fields":{"slug":"/installation/9-data_migration/1-migrating_ES_Docker","title":"Verifying and migrating Elasticsearch data in Docker-based OpenIAM cluster"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/01-log4j","title":"Log4j Vulnerability"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/02-hardening","title":"Securing your 
installation"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/03-db-switch","title":"Change OpenIAM product database"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/04-compatibility","title":"Compatibility matrix"}}},{"node":{"fields":{"slug":"/installation/9-miscellaneous/05-postgres-install","title":"Installing PostgreSQL 15"}}},{"node":{"fields":{"slug":"/installation/99-miscellaneous/04-compatibility","title":"Compatibility Matrix"}}},{"node":{"fields":{"slug":"/developerguide/8-api/access-certification","title":"/webconsole - access-certification"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/1-rabbitmq-reinit","title":"RabbitMQ cluster went out of order"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/3-Rabbitmq-connection-timeout","title":"RabbitMQ  connection timeout issue"}}},{"node":{"fields":{"slug":"/troubleshooting/cluster/2-rabbitmq-UI","title":"RabbitMQ is not reached from UI in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/connectors/sync-vs-async-source","title":"Synchronous vs. 
asynchronous synchronization source for connectors"}}},{"node":{"fields":{"slug":"/installation/7-OpenShift-installation/3-deploy-OpenIAM-helm","title":"Deploy OpenIAM to OpenShift cluster with Helm"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/1-connectorlogs","title":"View container logs"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/2-containersrestart","title":"Containers Restarting"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/3-uninstall","title":"Remove an OpenIAM Docker Install"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/4-troubleshooting-steps","title":"Troubleshooting steps in a container-based cluster"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/memoryutili","title":"Check memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/redismemory","title":"Redis memory utilization"}}},{"node":{"fields":{"slug":"/troubleshooting/environment/disableswap","title":"Disable swap"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/JDBC-connection-pool","title":"Increasing the JDBC connection pool size"}}},{"node":{"fields":{"slug":"/troubleshooting/docker/5-log-checking-guide","title":"Docker log checking guide"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-after-migration","title":"Access problem after migrating OpenIAM"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/access-forbidden","title":"Access Forbidden error"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/activationlink","title":"Error when sending activation link"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/audit-doc-timestamp","title":"Audit document timestamp issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/auth-manager","title":"Backend exception error when running authentication manager"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/database-reset","title":"Database 
reset"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/debug-logs-CassandraJanusGraph","title":"Enabling and disabling debug logs for Cassandra and JanusGraph"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/elasticsearch-readonly-state","title":"Elasticsearch read-only state"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/flyway_version","title":"Flyway version issue"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/increasing-RAM","title":"Increasing memory for OpenIAM services"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/lackof_disk_space","title":"Running out of disk space"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/modifly_system_labels_and_messages","title":"Changing system labels and messages"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/my-application-page-selfservice","title":"Changing refresh time for My Applications page in SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/overriding-app-properties","title":"Overriding UI application properties"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/pad-block-corrupted","title":"PAD Block Corrupted"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/remove-navigation-bar","title":"Removing menu items from top navigation bar"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/report-generation-issue","title":"Error during report generating in RPM installations"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/resetting_passwords","title":"Resetting passwords"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/run_flyway_repair_mode","title":"Run Flyway in repair mode"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/unlocksysadmin","title":"Unlock sysadmin"}}},{"node":{"fields":{"slug":"/troubleshooting/operational/username_in_selfservice","title":"Username not shown in 
SelfService"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/failed-dependencies","title":"Failed dependencies"}}},{"node":{"fields":{"slug":"/troubleshooting/rpm/trobleshooting_guide","title":"Troubleshooting guide for RPM"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/1-userpage","title":"Configuring user page templates"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/2-customuserpage","title":"Creating more custom user edit pages"}}},{"node":{"fields":{"slug":"/admin/1-usradmin/4-pageconfiguration/4-customtemplates","title":"Custom form templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/1-system","title":"System tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/2-regex-validation","title":"Validation regular expressions"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/3-UI","title":"UI tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/5-organization-tab","title":"Organization tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/9-health-checks","title":"Configuring health checks for managed systems"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/4-workflow","title":"Workflow tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/7-authentication","title":"Authentication tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/8-auditeventstosyslog","title":"Exporting audit events to syslogs"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/1-emailtemplates","title":"Email templates"}}},{"node":{"fields":{"slug":"/admin/12-administration/1-sysconfig/6-password","title":"Password tab"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/2-smtpconfig","title":"Mailbox Configuration"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/3-multilanguagemail","title":"Multilanguage 
emails"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/4-mail-via-azure","title":"Mailbox configuration via Azure application"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/5-alert-notifications","title":"Configuring alert notifications"}}},{"node":{"fields":{"slug":"/admin/12-administration/2-mail-management/6-email-template-variables","title":"Email template variables reference"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/1-googlesociallogin","title":"Google Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/2-facebooksociallogin","title":"Facebook Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/3-linkedinsociallogin","title":"LinkedIn Social Login"}}},{"node":{"fields":{"slug":"/admin/2-authentication/8-social/4-appleidsociallogin","title":"AppleID Social Login"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/1-enduseraccess","title":"End-user access roles"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/2-adminaccess","title":"Admin access role"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/3-FAQ","title":"FAQs about menus and their use"}}},{"node":{"fields":{"slug":"/admin/3-authz/14-menus/4-Config-Lhand-menu-SS-MyInfo","title":"Configurable left-hand menu in SelfService 'My Info' page"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/2-createrole","title":"Create role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/1-role-types","title":"Types of roles existing in OpenIAM"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/3-findrole","title":"Finding an existing role"}}},{"node":{"fields":{"slug":"/admin/3-authz/2-roles/5-importingroles","title":"Importing roles"}}},{"node":{"fields":{"slug":"/admin/5-lifecycle/11-provisioning-config/1-prepost-processor","title":"Pre/PostProcessor"}}},{"node":{"fields":{"slug":"/admin/8-sso/1-saml/1-jit-provisioning","title":"Just-in-time 
Provisioning"}}},{"node":{"fields":{"slug":"/admin/3-authz/3-groups/1-create-group","title":"Creating a group"}}},{"node":{"fields":{"slug":"/admin/4-app-onboarding/2-Manual-applications/1-reg-applications","title":"Register applications"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/2-postmanconfig","title":"Create Postman collection"}}},{"node":{"fields":{"slug":"/admin/8-sso/2-oauth2/1-Auth-code-grand","title":"Authorization code grant type"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/3-add-request","title":"Define an API request in Postman"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/2-winlocalv5","title":"Version 5"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/10-winlocal/1-winlocalv4","title":"Version 4"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/1-createauthprovider","title":"Create OpenIAM Provider for Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/4-JWT-tokens","title":"Getting started with JWT tokens in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/5-postman-links","title":"Postman API documentation links"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/1-createauthprovider","title":"Create OpenIAM oAuth provider in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/1-postman/6-example","title":"Client credentials flow with a defined scope in Postman"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/2-grantinguathz","title":"Granting authorization to the API with Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/4-enabling-disabling-user","title":"Enabling/Disabling a user with API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/3-api-call-examples","title":"API calls examples in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/5-object-oriented-impl-example","title":"Object oriented implementation for REST 
API in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/2-python/6-OTP-verification","title":"OTP Verification in Python"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/3-creating-searching-users","title":"Creating and searching a user with API call in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/4-calls-examples","title":"API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/5-enabling-disabling-users","title":"Enabling/Disabling a user with API calls examples in Java"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/3-azuread","title":"Entra ID"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/1-autoprov/1-newhires","title":"New hires"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/6-importroles","title":"Import Roles"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/1-createauthprovider","title":"Create OpenIAM Provider"}}},{"node":{"fields":{"slug":"/developerguide/2-api/3-java/2-grantauthz","title":"Granting authorization to the API with Java"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/2-rpm","title":"Connectors via RPM"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/3-docker","title":" Connectors via Docker"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/1-configuring-synch","title":"Configuring synchronization for importing entitlements"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/1-connect/4-k8","title":" Connectors via Kubernetes"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts","title":"Transformation 
scripts"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/3-troubleshooting","title":"Troubleshooting"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/2-policymap","title":"Policy map"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/3-creatingrole","title":"Creating role"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/1-config-synch","title":"Configuring synchronization for importing users and their entitlement memberships"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/3-common-questions","title":"Common questions"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/4-birthright","title":"New hire"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/1-provisioningCSV","title":"Creating a synchronization configuration for the source"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/6-termination","title":"Terminations"}}},{"node":{"fields":{"slug":"/getting-started/6-automatedprovisioning/2-tutorial/5-transfer","title":"Transfer"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/1-one-node","title":"Single node deployment"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts","title":"Transformation scripts"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/3-nonroot-partition","title":"Installing OpenIAM on a non-root partition"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/5-ports/2-three-node","title":"Three node cluster"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/1-rpm-with-internet","title":"Installation with Internet 
access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-4-2","title":"Upgrading OpenIAM to v.2026.4.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/10-upgrading-2026-5-1","title":"Upgrading OpenIAM to v.2026.5.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/1-databasemigration","title":"Database migration from version 3.X to 4.X"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/3-upgradingto-42111","title":"Upgrading from versions 4.2.1.9-4.2.1.10 to version 4.2.1.11 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/1-singlenode/2-rpm-no-internet","title":"Installation without Internet access"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/2-upgradingto-42110","title":"Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-migrating-index-data","title":"Migration of index data from older ElasticSearch versions to newer one"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/4-upgradingto-42112","title":"Upgrading from versions 4.2.1.x to version 4.2.1.12 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-infrastructure_upgrade","title":"Infrastructure upgrade"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/7-upgradingto-422","title":"Upgrading OpenIAM from versions 4.2.1.x to 4.2.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/6-infra-upgrade-42113","title":"Infrastructure upgrade in v4.2.1.13"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-1","title":"Upgrading OpenIAM to v.2026.3.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-3-2","title":"Upgrading OpenIAM to 
v.2026.3.2 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/9-422-changes","title":"Known issues related to upgrading from 4.2.1.x to 2026.4.1 version"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/8-upgrading-2026-2-1","title":"Upgrading OpenIAM to v.2026.2.1 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/1-oracle","title":"Installing OpenIAM with a remote Oracle database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/2-postgres","title":"Installing OpenIAM with a remote Postgres database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/6-upgrading/5-upgradingto-42115","title":"Upgrading from versions 4.2.1.x to version 4.2.1.15 in RPM"}}},{"node":{"fields":{"slug":"/installation/1-rpm-installation/7-remoteDB/3-MSSQL","title":"Installing OpenIAM with a remote MSSQL database in RPM environment"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/1-upgrade-4219","title":"Upgrade from version 4.2.1.5-4.2.1.8 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/2-upgrade-42110","title":"Upgrade from version 4.2.1.9 to version 4.2.1.10 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/3-upgrade-42111","title":"Upgrade from version 4.2.1.10 to version 4.2.1.11 in Docker"}}},{"node":{"fields":{"slug":"/installation/2-docker-installation/3-upgrading/4-upgrade-42115","title":"Upgrade from version 4.2.1.x to version 4.2.1.15 in Docker"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/3-upgrade-42113k8-rabbitmq","title":"Upgrading from version below 4.2.1.8 to version 4.2.1.13 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/4-upgrade-42115k8","title":"Upgrading from versions 4.2.1.x to 
version 4.2.1.15 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/6-upgrade-422k8","title":"Upgrading from version 4.2.1.x to version 4.2.2 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/5-upgrading/5-upgrade-42112k8","title":"Upgrading from version 4.2.1.x to version 4.2.1.12 in Kubernetes environment"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/1-gce","title":"GCE Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/2-aws","title":"AWS Kubernetes guide"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/3-helm","title":"Private Kubernetes Cluster using Helm"}}},{"node":{"fields":{"slug":"/installation/6-kubernetes-installation/6-k8platforms/4-azure","title":"Azure Kubernetes Guide"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/3-ldapattributeslists","title":"LDAP Attribute list for User Synchronization"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/1-ldapvalidation","title":"Synchronization Validation Script"}}},{"node":{"fields":{"slug":"/developerguide/9-synchronization/2-import/ldap/2-ldapsynchusers","title":"LDAP User Synchronization Script"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/1-ADgroup-transformation","title":"Sample transformation script for AD groups"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/2-importentitlements/2-transformationscripts/2-csv-transformation","title":"Sample transformation script for a CSV file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/4-csv-users-entitlements","title":"Sample transformation script for a CSV 
file"}}},{"node":{"fields":{"slug":"/getting-started/4-application-onboarding/3-importusers-and-entitlements/2-transformationscripts/3-ADtransformation-usergroup","title":"Sample transformation script for AD users and group memberships"}}},{"node":{"fields":{"slug":"/changelog/21-Release-4.2.2","title":"Release 4.2.2"}}},{"node":{"fields":{"slug":"/connectorconfig/microsoft/4-adpowershell","title":"Active Directory PowerShell connector"}}},{"node":{"fields":{"slug":"/appendix/5-message_en_file","title":"Message properties"}}}]}},"pageContext":{"id":"89b3ada1-9f53-52db-a281-21c766dfd99f"}},
    "staticQueryHashes": ["2619113677","3706406642","417421954"]}