
How to Configure Centrally Managed Users For On-Premise Databases Release 18c or Later Releases (Doc ID 2462012.1)

Last updated on NOVEMBER 20, 2023

Applies to:

Oracle Database - Enterprise Edition - Version and later
Advanced Networking Option - Version and later
Information in this document applies to any platform.


Starting with 18c, database users can be authenticated and authorized directly against Active Directory without using Oracle Enterprise User Security (EUS) or another intermediary directory service. Users can authenticate to the Oracle Database using credentials stored in Active Directory, and can also be associated with database schemas and roles through Active Directory groups. Microsoft Active Directory users can be mapped to exclusive or shared Oracle Database schemas and associated with database roles in the directory.

This note provides a quick overview of the steps needed to set up authentication for CMU users, along with a few troubleshooting steps for the known issues.
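The exclusive and shared mappings described above, shown as an added SQL example (not taken from this note or from Oracle's own scripts). It assumes the database-to-Active Directory integration is already in place; every distinguished name, schema, role and table name is a constructed placeholder.

```sql
-- Constructed placeholders: all DNs, schema, role and table names are illustrative.

-- Exclusive mapping: one AD user is the only identity that can reach this schema.
CREATE USER peter_fitch IDENTIFIED GLOBALLY AS
  'CN=Peter Fitch,OU=Sales,DC=corp,DC=example,DC=com';
GRANT CREATE SESSION TO peter_fitch;

-- Shared mapping: every member of the AD group lands in the same schema.
CREATE USER widget_sales IDENTIFIED GLOBALLY AS
  'CN=widget_sales_group,OU=Sales,DC=corp,DC=example,DC=com';
GRANT CREATE SESSION TO widget_sales;

-- Global role: members of the AD group receive the role at logon,
-- so privilege changes are made in the directory, not in the database.
CREATE ROLE widget_sales_role IDENTIFIED GLOBALLY AS
  'CN=widget_sales_mgr_group,OU=Sales,DC=corp,DC=example,DC=com';
GRANT SELECT ON sales.orders TO widget_sales_role;  -- hypothetical table

-- Access review: list every directory-mapped schema and the DN it trusts.
SELECT username, external_name, account_status
FROM   dba_users
WHERE  authentication_type = 'GLOBAL'
ORDER  BY username;

-- Inside a CMU session: which directory identity is behind this schema,
-- and which roles did the directory groups actually grant?
SELECT SYS_CONTEXT('USERENV', 'AUTHENTICATED_IDENTITY') AS directory_login,
       SYS_CONTEXT('USERENV', 'ENTERPRISE_IDENTITY')    AS directory_dn,
       SYS_CONTEXT('USERENV', 'SESSION_USER')           AS db_schema,
       SYS_CONTEXT('USERENV', 'AUTHENTICATION_METHOD')  AS auth_method
FROM   dual;

SELECT role FROM session_roles ORDER BY role;
```

With a shared schema the database user name no longer identifies a person, so audit and review queries should record the directory identity alongside the schema name.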


You should have read and be familiar with the following documents to understand the concepts of Centrally Managed Users.

Oracle Database Release 18 Security Guide, Chapter 5 "Configuring Centrally Managed Users with Microsoft Active Directory".

Oracle Database Release 19 Security Guide, Chapter 6 "Configuring Centrally Managed Users with Microsoft Active Directory".

Oracle Database Release 21 Security Guide, Chapter 6 "Configuring Centrally Managed Users with Microsoft Active Directory".



Important !!! 

1. The minimum version requirement for Active Directory server is Windows 2012.

2. CMU is not available as a feature in Standard Edition, see Licensing Information.

3. Apply the Mandatory Patches for CMU in 18C / 19C Database as explained in <Note 2716598.1>

<Patch 31404487> replaces <patch 28994890>.

If patch 28994890 was applied on top of a 18c database DBRU (where DBRU version is lower than 18.11), then roll back patch 28994890, and only apply patch 31404487 to database 18c.

If the 18c database version is equal to or higher than DBRU 18.11, where bug 28994890 has been included in the base line DBRU, then apply patch 31404487 on top of the 18c DBRU directly.


Note that the patches are only applicable to on-premise databases. The content of the patches has been included in Autonomous Databases (ADBS) for CMU. For configuring CMU with Microsoft Active Directory on Autonomous Databases, refer to the documents at:

"Use Microsoft Active Directory with Autonomous Database"

"Configure CMU with Microsoft Active Directory on Autonomous Database"


Note: Microsoft plans to desupport 2012 in 2026. We recommend that customers migrate to a later AD version before their version is desupported by Microsoft.





In this Document
 I Download the latest version of 'opwdintg.exe' for Password Authentication Integration
 II Configure the integration between Microsoft Active Directory and the Oracle Database
 III Configure Password Authentication for Centrally Managed Users
 IV Configure Authorization for Centrally Managed Users
 V Configure Kerberos Authentication
 VI Configure TLS authentication
 VII Known Issues and Troubleshooting Steps
 VIII How to investigate connection issues
 Additional Information:
