cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD group creation in VDS

Former Member

on ‎09-09-2009 5:15 AM

0 Kudos

Hi,

Is it possible to create AD groups in VDS through IDM?

Regards,

mary

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎09-09-2009 2:38 PM
0 Kudos

Hi Mary

I also think that you won't be able to create a ADS group "through" VDS as I think VDS only supports reading an LDAP directory.

However, I suppose it's an easy task to create a group in a LDAP directory through IdM. In case you use the SAP Provisiong Framework it may be possible to create a group and read that group again with e.g. an UpdateAll-task. The other way (create a group in Identity Store, put some members in it using the NetWeaver-UI and provision this to the respective system) might become quite a big task to accomplish.

I also doubt anyone has done this before? As I understood IdM was built for managing users.

If you make any progress please report it here

Regards

Michael

Show replies
Show replies
Former Member
‎09-09-2009 3:44 PM
0 Kudos

VDS does suport write operations.

I suppose you could do this, but it would be a better task for IdM itself.

Mary, can you spell out the use case in more detail please?

Thanks,

Matt

Former Member
‎09-11-2009 4:24 AM
0 Kudos

Hi All,

Thanks for ur replies.

actual use case is: We want to connect to MOS from IDM. a Group will be created in IDM and this group has to be createad as a AD group in VDS, and from VDS the info will be directed to MOS.

Is there any other possible ways to connect MOS from IDM?

Thanks in Advance.

Regards,

Mary

Former Member
‎09-11-2009 9:16 PM
0 Kudos

Wht is MOS?

Former Member
‎09-14-2009 10:36 AM
0 Kudos

MOSS * - Microsoft Office SharePoint Server

Former Member
‎09-14-2009 6:25 PM
0 Kudos

Thanks, Mary, that's what I thought it was.

Problably the easiest thing to do is a ToLDAP pass from IdM directly to AD.

You can easily assign the user to a group via the memberOf attribute. I think there are examples of this on another thread.

Cheers,

Matt

Former Member
‎09-16-2009 6:43 AM
0 Kudos

Dear Matt,

Thanks for ur reply. even we had the same plan to implement it. but acc to our ORG policies we can use AD as source and not as destination.

that is y we are looking for some alternate ways without connecting to AD.

Regards,Mary

Former Member
‎09-16-2009 5:50 PM
0 Kudos

Mary, this does not make much sense since even a virtualized AD would still result in AD write operations.

Your only other bet would be to create a virtual repositiory, put the AD group name in the structure and have MOSS point to that.

HTH,

Matt

Former Member
‎09-09-2009 2:08 PM
0 Kudos

VDS is not an LDAP in itself. It acts like an LDAP and if you choose to connect an AD and wish to create groups in it, surely that would be possible. Have you had a look at the document titled: "SAP NetWeaver® Identity Management

Identity Center Tutorial - Working with Microsoft Active Directory".

Best regards,

Anders

Show replies
Show replies
Ask a Question