Hello all, newbie question here -
We are implementing IdM. I am the Active Directory guy. I manage AD and Exchange.
As we implement the SAP IdM solution, I am being told that all user management, with regard to group membership for users, must be performed in IdM. I should no longer use ADUC or PowerShell for group management because IdM will overwrite my group membership changes the next time it makes a change. And that IdM wants to be in the lead, owning user attributes like memberOf.
On one level I understand this, but on other levels this seems very limiting. Not using PowerShell or Group Policies or the like to manage group membership, as I do now, would be hard.
Is it necessary for IdM to "own" membership? To be the sole manager of group membership? And for me to give up all other tools? Is there another way?
Thanks,
Paul