Active Directory DN

This connector uses protocols and interfaces built into the Windows server operating system to update and retrieve information from Microsoft Active Directory.

Connection to the domain can either be made using a domain administrator account or delegated ID. ADSI services are used to connect to the domain. The connector uses ADSI LDAP provider for all operations using the distinguished name. If the target system is configured to use SSL, an LDAP SSL connection is used. Otherwise, a secure connection using Kerberos is made over LDAP.

The Bravura Security Fabric Active Directory DN connector can dynamically identify the most suitable domain controllers on which to make password updates in order to expedite replication of the new password and intruder lockout flag for the user. For example, a password update and cleared lockout may be set on a DC in the same site as the user’s current workstation (identified by IP address), or nearest the user’s home directory file server. In either case, no connector software must be installed on the target Windows domain controllers.

The following Bravura Security Fabric operations are supported by this connector on user, account and account group-type objects (depending on your product license and version):

The connector supports following operations when managing contacts (depending on your product license and version):

For a full list and explanation of each connector operation, see Connector operations.

When Bravura Identity is licensed, the connector can be configured with the nrcifs program to:

The connector is called by the Transaction Monitor Service (idtm). When Bravura Identity is installed, the connector is run by the View and update profile (IDR) module whenever users view resource details or manage group owners.

The following sections show you how to:

This chapter also describes how Bravura Security Fabric handles special attributes used when creating or modifying accounts on an Active Directory target.

See also