PhenixID

PSD1176 – Create AD/Office 365 account with home directory

Document version (last updated) : August 30th, 2022.
Note: If you downloaded this PSD before the date above, please remove it and reinstall with this PSD.

Prerequisite

  • A PhenixID Identity Manager (IM) 6.0.3 or later running
  • A PhenixID Identity Provisioning (PIP) 6.1.0 or later running
  • NOTE: For a better understanding of how PIM and PIP communicate using the REST Web Service, please read PSD1062.

Situation

This use case focuses on two things:

  • Create Office 365 account
  • Create a home directory with an Active Directory account

The two tasks above use two different PowerShell scripts.

 

Configuration

This PSD includes configuration so you can set this up in your own environment. First, download a ZIP file that contains a number of files. Open the files and update them to match your environment, e.g. change to your Active Directory name.

Use Cases

1. Download and extract configuration ZIP

Download the PSD1176.zip file.
Extract the zip-file.

2. PIM files and configuration

2.1 – Add PIM configuration for use case

  1. From ZIP-file open folder \..\PSD1176\PIM
  2. Copy the folder UC – PSD1176 – Create Office 365 account with home directory and paste it into the /role folder of your IM installation.
    Example path to role folder \..\PhenixID\IM\customer\role
  3. Open DSEditor.properties
    1. Find and update the parameters below to match your environment:
      BASEDN=DC=demo,DC=phenixid,DC=net
      filter.PIPFilter.URL=http://127.0.0.1:8085
    2. Save the file and restart the PhenixID Identity Manager service
  4. Open the Create Office 365 account with home directory.xml file
    1. Find the VirtualViewBaseDNs parameter (line 25) and change its value to match an OU in your environment.

3. PIP files and configuration

3.1 – Import PSD1176_PIP.aax

  1. Open the Identity Provisioning Configurator
  2. Click File -> Import Objects
  3. In the extracted ZIP you downloaded, open /../PSD1176/PIP folder.
  4. Choose PSD1176_PIP.aax
  5. Click Import Objects
  6. When imported, it should look like the image below. Verify that data source AD-DEMO matches your environment and that the connection works.
  7. Save the PIP configuration

3.2 – Change data source to match your Active Directory

  1. Open PIP configurator
  2. Expand Data Sources and click LDAP PIM-UC
  3. Change the configuration to match your environment

3.3 – Create Global parameter for the Root of your AD

  1. Open PIP configurator
  2. Click Tools and Global Parameters
  3. Add one custom parameter for the root of your LDAP/AD.
    1. LDAPRoot – e.g. DC=company,DC=local
    2. Click OK
    3. Save PIP configuration
  4. Add one custom parameter for Office 365 suffix used for UPN
    1. Off365_UPN – e.g. PhenixID.onmicrosoft.com
    2. Click OK
    3. Save PIP configuration

3.4 – Create an OU in Active Directory called PSD1176 under LDAPRoot
E.g. OU=PSD1176,DC=company,DC=local

4. Powershell script

4.1 – Add PowerShell scripts to create Office 365 accounts and home directory

  1. In the extracted ZIP, open the /../Powershell folder, copy the two files and place them in C:\

4.2 – Change script to match your Office 365 login data

For more info about the asked IDs below, please read PSD1200.

  1. Open script
  2. Find your_app_id and add your APPID
  3. Find your_tenant_id and add your TENANTID
  4. Find your_thumbprint_id and add your certificate THUMBPRINT

4.3 – Add folder where home directories will be created

  1. The 365_HD_CreateHomeDirectory.ps1 will be used to create home directories.
  2. All home directories will by default be created at c:\temp
  3. If you do not have a temp folder, then create one.

4.4 – Allow script to be trusted on your Windows Server

  1. Right-click each of the two scripts and select Properties.
  2. Unselect checkbox Unblock to trust the scripts, see image below
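
An added example for step 4.4 (not part of the PSD package): the Unblock checkbox in Properties clears the file's Zone.Identifier alternate data stream, and the same state can be inspected and cleared from PowerShell once the script has been read. The function names, the demo file and the comparison against a SHA-256 recorded during review are assumptions; the demo file is constructed.

```powershell
# Added example: inspect a downloaded script, then clear its Mark of the Web.
# Function names and the demo file are hypothetical; requires Windows and NTFS.

function Get-ScriptTrustState {
    param([Parameter(Mandatory)][string]$Path)
    # Downloaded files carry a Zone.Identifier alternate data stream (ZoneId=3 = Internet).
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zoneId = if ("$zone" -match 'ZoneId=(\d+)') { [int]$Matches[1] } else { $null }
    [pscustomobject]@{
        Path      = $Path
        Blocked   = [bool]$zone
        ZoneId    = $zoneId
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
}

function Unblock-ReviewedScript {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ReviewedSha256  # hash recorded when the script was read
    )
    $state = Get-ScriptTrustState -Path $Path
    if ($state.SHA256 -ne $ReviewedSha256) {
        throw "Hash mismatch for $Path. The file changed after review; not unblocking."
    }
    Unblock-File -LiteralPath $Path   # same effect as the Unblock checkbox in Properties
    Get-ScriptTrustState -Path $Path
}

# Constructed demo: a throwaway script tagged as downloaded from the Internet zone.
$demo = Join-Path $env:TEMP 'psd1176-demo.ps1'
Set-Content -LiteralPath $demo -Value 'Write-Output "demo"'
Set-Content -LiteralPath $demo -Stream Zone.Identifier -Value "[ZoneTransfer]", "ZoneId=3"

$before = Get-ScriptTrustState -Path $demo
$before | Format-List
Unblock-ReviewedScript -Path $demo -ReviewedSha256 $before.SHA256 | Format-List
Remove-Item -LiteralPath $demo
```

To use it on the real files, call Unblock-ReviewedScript on each of the two scripts in C:\ in place of the demo file, passing the hash you recorded after reading the script.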

 


DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se