You're viewing OCI IAM documentation for new tenancies in regions that have been updated to use identity domains.

Understanding Full and Incremental Sync

You can synchronize users and groups from selected organizational units (OUs) in Microsoft Active Directory into IAM. You can perform either an incremental sync or a full sync. Learn about syncing new OUs and read some example use cases.

Syncing New Organizational Units

Before 20.1.3, OU sync was triggered by the bridge every minute so that newly added OUs in Microsoft Active Directory were automatically available in IAM. Starting with the 20.1.3 release, when you add a new organizational unit (OU) in Microsoft Active Directory, you must perform an incremental or full sync to see the newly created OU in IAM. We recommend that you run an incremental sync when adding new OUs.

Use Case: Delete Users and Groups from Microsoft Active Directory

Microsoft Active Directory is an authoritative source. Users that are deleted from Microsoft Active Directory are unlinked and deactivated in IAM. You can then remove these users from IAM.

Groups that are deleted from Microsoft Active Directory are also removed from IAM on the next full or incremental sync.

Use Case: Reattach an Unlinked User in IAM

Suppose you want to create previously unlinked users again in Microsoft Active Directory with the same usernames. The next time you perform a full or an incremental sync, these users in Microsoft Active Directory are reattached to the associated users in IAM.

The reattached user's authentication will be delegated to Microsoft Active Directory if delegated authentication is activated in IAM. For example, a user is synced from multiple Microsoft Active Directory domains into IAM. All these domains are authoritative because Microsoft Active Directory is an authoritative source. If you delete a user from one of the domains, then the user is unlinked in IAM. If you resync the user to a different Microsoft Active Directory domain, then this domain now becomes authoritative for the user.
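
A pre-sync review for the reattach behavior described above, as an added example that is not Oracle's code: it lists unlinked IAM users whose usernames reappear in a Microsoft Active Directory export and flags those for which a different domain would become authoritative. The record fields, the sample data and the case-insensitive username comparison are assumptions made for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IamUser:          # hypothetical record shape, e.g. from an IAM user export
    username: str
    linked: bool        # False after the AD account was deleted and a sync ran
    last_domain: str    # AD domain that was authoritative before unlinking

@dataclass(frozen=True)
class AdUser:           # hypothetical record shape, e.g. from an export of synced OUs
    username: str
    domain: str

def reattach_candidates(iam_users, ad_users):
    """Return one finding per unlinked IAM user that the next sync would reattach."""
    # Assumption: compare usernames case-insensitively so the review over-reports
    # rather than misses a match.
    by_name = {}
    for ad in ad_users:
        by_name.setdefault(ad.username.casefold(), []).append(ad)
    findings = []
    for iam in iam_users:
        if iam.linked:
            continue  # still attached to its AD account, nothing to review
        for ad in by_name.get(iam.username.casefold(), []):
            findings.append({
                "username": iam.username,
                "previous_domain": iam.last_domain,
                "new_domain": ad.domain,
                # True when a different domain becomes authoritative for the user
                "authority_changes": ad.domain.casefold() != iam.last_domain.casefold(),
            })
    return findings

# Constructed sample data, not taken from any real tenancy.
IAM_SAMPLE = [
    IamUser("jdoe", linked=False, last_domain="corp.example.com"),
    IamUser("asmith", linked=True, last_domain="corp.example.com"),
    IamUser("mlee", linked=False, last_domain="corp.example.com"),
]
AD_SAMPLE = [
    AdUser("JDoe", "emea.example.com"),
    AdUser("asmith", "corp.example.com"),
    AdUser("mlee", "corp.example.com"),
    AdUser("newhire", "corp.example.com"),
]

if __name__ == "__main__":
    for f in reattach_candidates(IAM_SAMPLE, AD_SAMPLE):
        note = "authoritative domain changes" if f["authority_changes"] else "same domain"
        print(f"{f['username']}: would reattach from {f['new_domain']} ({note})")
```

Each finding is an IAM account, with whatever it still holds in IAM, that a newly created Active Directory user with the same username would take over at the next sync, so review it before running the sync.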