diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-guest-db.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-guest-db.xml
index 3ed5436..53d5050 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-guest-db.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-guest-db.xml
@@ -202,7 +202,7 @@
                         <path>assignment</path>
                     </target>
                 </inbound>
-                <inbound id="37">
+                <inbound>
                     <description>Assignment of role-ldap-basic role</description>
                     <strength>strong</strength>
                     <expression>
@@ -215,6 +215,19 @@
                         <path>assignment</path>
                     </target>
                 </inbound>
+                <inbound>
+                    <description>Assignment of role-ad-basic role</description>
+                    <strength>strong</strength>
+                    <expression>
+                        <assignmentTargetSearch>
+                            <targetType>c:RoleType</targetType>
+                            <oid>94a5b1b1-b7be-4ee5-a231-3f044d953448</oid>
+                        </assignmentTargetSearch>
+                    </expression>
+                    <target>
+                        <path>assignment</path>
+                    </target>
+                </inbound>
             </attribute>
             <attribute id="7">
                 <ref>ri:emailaddress</ref>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
index 2b065ed..b1be591 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-ldap-main.xml
@@ -81,35 +81,35 @@
 			<auxiliaryObjectClass>ri:eduPerson</auxiliaryObjectClass>
 			<auxiliaryObjectClass>ri:eduMember</auxiliaryObjectClass>
 			<auxiliaryObjectClass>ri:incwbPerson</auxiliaryObjectClass>
-			<attribute>
-				<ref>ri:dn</ref>
-				<displayName>Distinguished Name</displayName>
+                  <attribute>
+                    <ref>ri:dn</ref>
+                    <displayName>Distinguished Name</displayName>
                 <limitations>
                     <minOccurs>0</minOccurs>
                 </limitations>
                 <tolerant>false</tolerant>
-				<matchingRule>mr:distinguishedName</matchingRule>
+                <matchingRule>mr:distinguishedName</matchingRule>
                 <outbound>
                     <strength>strong</strength>
-					<source>
-                        <path>employeeNumber</path>
+                    <source>
+                        <path>name</path>
                     </source>
                     <expression>
                         <script>
                             <code>
-                                'uid=' + employeeNumber + ',ou=People,dc=internet2,dc=edu'
+                                'uid=' + name + ',ou=People,dc=internet2,dc=edu'
                             </code>
                         </script>
                     </expression>
                 </outbound>
-			</attribute>
-			<attribute>
-				<ref>ri:cn</ref>
-				<displayName>Common Name</displayName>
-				<limitations>
-					<minOccurs>0</minOccurs>
-				</limitations>
-                <tolerant>false</tolerant>
+		</attribute>
+		<attribute>
+			<ref>ri:cn</ref>
+			<displayName>Common Name</displayName>
+			<limitations>
+				<minOccurs>0</minOccurs>
+			</limitations>
+                        <tolerant>false</tolerant>
                 <outbound>
                     <strength>strong</strength>
                     <source>
@@ -130,13 +130,13 @@
                         <path>extension/SIS_ID</path>
                     </source>
                 </outbound>
-			</attribute>			
-			<attribute>
-				<ref>ri:incwbPersonEmployeeID</ref>
-				<displayName>Employee ID</displayName>
-				<limitations>
-					<minOccurs>0</minOccurs>
-				</limitations>
+		</attribute>			
+		<attribute>
+			<ref>ri:incwbPersonEmployeeID</ref>
+			<displayName>Employee ID</displayName>
+			<limitations>
+				<minOccurs>0</minOccurs>
+			</limitations>
                 <tolerant>false</tolerant>
                 <outbound>
                     <strength>strong</strength>
@@ -144,13 +144,13 @@
                         <path>extension/HR_ID</path>
                     </source>
                 </outbound>
-			</attribute>
-			<attribute>
-				<ref>ri:incwbPersonGuestID</ref>
-				<displayName>Guest ID</displayName>
-				<limitations>
-					<minOccurs>0</minOccurs>
-				</limitations>
+		</attribute>
+		<attribute>
+			<ref>ri:incwbPersonGuestID</ref>
+			<displayName>Guest ID</displayName>
+			<limitations>
+				<minOccurs>0</minOccurs>
+			</limitations>
                 <tolerant>false</tolerant>
                 <outbound>
                     <strength>strong</strength>
@@ -158,10 +158,10 @@
                         <path>extension/Guest_ID</path>
                     </source>
                 </outbound>
-			</attribute>
-			<attribute>
-				<ref>ri:sn</ref>
-				<displayName>Surname</displayName>
+		</attribute>
+		<attribute>
+			<ref>ri:sn</ref>
+			<displayName>Surname</displayName>
                 <limitations>
                     <minOccurs>0</minOccurs>
                 </limitations>
@@ -195,11 +195,11 @@
                 <outbound>
                     <strength>strong</strength>
 					<source>
-                        <path>employeeNumber</path>
+                        <path>name</path>
                     </source>
                 </outbound>
-			</attribute>
-			<attribute>
+		</attribute>
+		<attribute>
 				<ref>ri:mail</ref>
 				<displayName>Mail</displayName>
 				<matchingRule>mr:stringIgnoreCase</matchingRule>
@@ -210,9 +210,9 @@
                         <path>emailAddress</path>
                     </source>
                 </outbound>
-			</attribute>
-			<attribute>
-				<ref>ri:employeeNumber</ref>
+		</attribute>
+		<attribute>
+			<ref>ri:employeeNumber</ref>
                 <tolerant>false</tolerant>
                 <outbound>
                     <strength>strong</strength>
@@ -220,11 +220,11 @@
                         <path>employeeNumber</path>
                     </source>
                 </outbound>
-			</attribute>
-			<attribute>
-				<ref>ri:businessCategory</ref>
+		</attribute>
+		<attribute>
+			<ref>ri:businessCategory</ref>
                 <tolerant>false</tolerant>
-			</attribute>
+		</attribute>
 <!-- 				<attribute>
 				<ref>ri:eduPersonAffiliation</ref>
 				<outbound>
@@ -235,7 +235,6 @@
 				</outbound>
                 <tolerant>false</tolerant>
 			</attribute> -->
-<!-- TODO MidPoint Basics Training, LAB 4-9, part 1 of 2: uncomment the following content -->
 <!--
             <activation>
                 <administrativeStatus>
@@ -243,7 +242,6 @@
                 </administrativeStatus>
             </activation>
 -->
-<!-- TODO MidPoint Basics Training, LAB 4-9, part 1 of 2: end of to-be-uncommented content -->
             <association>
                 <tolerant>false</tolerant>
                 <ref>ri:group</ref>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-hr-sor.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-hr-sor.xml
index c37ac9a..01e0ad8 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-hr-sor.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-hr-sor.xml
@@ -109,6 +109,19 @@
                             <path>assignment</path>
                         </target>
                     </inbound>
+                    <inbound>
+                        <description>Assignment of role-ad-basic role</description>
+                        <strength>strong</strength>
+                        <expression>
+                            <assignmentTargetSearch>
+                                <targetType>c:RoleType</targetType>
+                                <oid>94a5b1b1-b7be-4ee5-a231-3f044d953448</oid>
+                            </assignmentTargetSearch>
+                        </expression>
+                        <target>
+                            <path>assignment</path>
+                        </target>
+                    </inbound>
                 </attribute>
                 <attribute>
                     <ref>ri:department</ref>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-sis-persons.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-sis-persons.xml
index b9956e0..763da5d 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-sis-persons.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-source-sis-persons.xml
@@ -79,7 +79,7 @@
 				<ref>ri:uid</ref>
 				<displayName>UID</displayName>
                 <inbound id="34">
-				    <strength>strong</strength>
+		    <strength>strong</strength>
                     <target>
                         <c:path xmlns:incommon="http://grouper-demo.tier.internet2.edu">c:extension/incommon:SIS_ID</c:path>
                     </target>
@@ -108,6 +108,30 @@
                         </set>
                     </target>
                 </inbound>
+                <inbound>
+                    <strength>strong</strength>
+                    <expression>
+                        <assignmentTargetSearch>
+                            <targetType>RoleType</targetType>
+                            <oid>94a5b1b1-b7be-4ee5-a231-3f044d953448</oid>     <!--  role-ad-basic -->
+                            <assignmentProperties>
+                                <subtype>grouper-basic</subtype>
+                            </assignmentProperties>
+                        </assignmentTargetSearch>
+                    </expression>
+                    <target>
+                        <path>assignment</path>
+                        <set>
+                            <condition>
+                                <script>
+                                    <code>
+                                        assignment.subtype.contains('grouper-basic')
+                                    </code>
+                                </script>
+                            </condition>
+                        </set>
+                    </target>
+                </inbound>
                 <inbound>
                     <strength>strong</strength>
                     <expression>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-ad.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-ad.xml
index 2533ff6..e43338e 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-ad.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/resources/100-target-ad.xml
@@ -1,4 +1,13 @@
-<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" oid="6597e333-3f18-478d-84e7-58521a5eec2b" version="1">
+<resource xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+          xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+          xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+          xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+          xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" 
+          xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+          xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+          xmlns:mr="http://prism.evolveum.com/xml/ns/public/matching-rule-3"
+          oid="6597e333-3f18-478d-84e7-58521a5eec2b" version="1">
     <name>Target: AD</name>
     <iteration>0</iteration>
     <iterationToken/>
@@ -12,7 +21,7 @@
     </connectorRef>
     <connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3">
         <icfc:configurationProperties xmlns:gen475="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/com.evolveum.polygon.connector-ldap/com.evolveum.polygon.connector.ldap.ad.AdLdapConnector">
-            <gen475:host>ad</gen475:host>
+            <gen475:host>dc1.ad.example.edu</gen475:host>
             <gen475:port>636</gen475:port>
             <gen475:connectionSecurity>ssl</gen475:connectionSecurity>
             <gen475:authenticationType>simple</gen475:authenticationType>
@@ -23,39 +32,309 @@
             <gen475:baseContext>DC=ad,DC=example,DC=edu</gen475:baseContext>
             <gen475:readSchema>true</gen475:readSchema>
             <gen475:allowUntrustedSsl>true</gen475:allowUntrustedSsl>
-        </icfc:configurationProperties>
+	</icfc:configurationProperties>
+        <icfc:resultsHandlerConfiguration>
+            <icfc:enableNormalizingResultsHandler>false</icfc:enableNormalizingResultsHandler>
+            <icfc:enableFilteredResultsHandler>false</icfc:enableFilteredResultsHandler>
+            <icfc:enableAttributesToGetSearchResultsHandler>false</icfc:enableAttributesToGetSearchResultsHandler>
+        </icfc:resultsHandlerConfiguration> 
     </connectorConfiguration>
-    <capabilities>
-        <native xmlns:cap="http://midpoint.evolveum.com/xml/ns/public/resource/capabilities-3">
-            <cap:schema/>
-            <cap:discoverConfiguration/>
-            <cap:activation>
-                <cap:status/>
-            </cap:activation>
-            <cap:credentials>
-                <cap:password>
-                    <cap:returnedByDefault>false</cap:returnedByDefault>
-                </cap:password>
-            </cap:credentials>
-            <cap:liveSync/>
-            <cap:create/>
-            <cap:read>
-                <cap:returnDefaultAttributesOption>true</cap:returnDefaultAttributesOption>
-            </cap:read>
-            <cap:update>
-                <cap:delta>true</cap:delta>
-                <cap:addRemoveAttributeValues>true</cap:addRemoveAttributeValues>
-            </cap:update>
-            <cap:delete/>
-            <cap:testConnection/>
-            <cap:script>
-                <cap:host id="1">
-                    <cap:type>connector</cap:type>
-                </cap:host>
-            </cap:script>
-            <cap:pagedSearch/>
-            <cap:auxiliaryObjectClasses/>
-        </native>
-    </capabilities>
+    <schema>
+        <!-- workaround to MID-2723 -->
+        <generationConstraints>
+            <generateObjectClass>ri:user</generateObjectClass>
+            <generateObjectClass>ri:group</generateObjectClass>
+        </generationConstraints>
+    </schema>
+
+    <schemaHandling>
+        <!-- handling of user accounts -->
+        <objectType>
+            <kind>account</kind>
+            <displayName>Default Account</displayName>
+            <default>true</default>
+            <objectClass>ri:user</objectClass>
+
+            <attribute>
+                <ref>ri:dn</ref>
+                <displayName>Distinguished Name</displayName>
+                <matchingRule>mr:distinguishedName</matchingRule>
+                <outbound>
+                    <source>
+                        <path>$user/name</path>
+                    </source>
+                    <expression>
+                        <script>
+                            <code>
+                                'CN=' + name + iterationToken + ',CN=Users,DC=ad,DC=example,DC=edu'
+                            </code>
+                        </script>
+                    </expression>
+                </outbound>
+            </attribute>
+            <attribute>
+                    <ref>ri:sAMAccountName</ref>
+                    <displayName>Login name</displayName>
+                    <outbound>
+                        <source>
+                            <path>$user/name</path>
+                        </source>
+                    </outbound>
+            </attribute>
+            <attribute>
+                <ref>ri:cn</ref>
+                <limitations>
+                    <minOccurs>0</minOccurs>
+                </limitations>
+                <outbound>
+                    <source>
+                        <path>$user/name</path>
+                    </source>
+                </outbound>
+            </attribute>
+            <attribute>
+                <ref>ri:sn</ref>
+                <limitations>
+                    <minOccurs>0</minOccurs>
+                </limitations>
+                <outbound>
+                    <source>
+                        <path>familyName</path>
+                    </source>
+                </outbound>
+            </attribute>
+            <attribute>
+                <ref>ri:givenName</ref>
+                <outbound>
+                    <source>
+                        <path>givenName</path>
+                    </source>
+                </outbound>
+            </attribute>
+            <attribute>
+                    <ref>ri:userPrincipalName</ref>
+                    <outbound>
+                    <source>
+                        <path>$user/name</path>
+                    </source>
+                    <expression>
+                        <script>
+                            <code>
+                                name + iterationToken + '@ad.example.edu'
+                            </code>
+                        </script>
+                    </expression>
+                </outbound>
+            </attribute>
+
+            <attribute><!-- Password expired: -1: not expired; 0: expired ("User must change password at next logon") -->
+                    <ref>ri:pwdLastSet</ref>
+                    <outbound>
+                    <expression>
+                        <value>-1</value>
+                    </expression>
+                </outbound>
+            </attribute>
+
+            <attribute>
+                <ref>ri:createTimeStamp</ref>
+                <fetchStrategy>explicit</fetchStrategy>
+            </attribute>
+
+            <attribute>
+                <ref>ri:nTSecurityDescriptor</ref>
+                <!-- This is defined as mandatory in top object class.
+                                     But it is not really mandatory. Well done Microsoft. -->
+                <limitations>
+                    <minOccurs>0</minOccurs>
+                </limitations>
+            </attribute>
+
+            <attribute>
+                <ref>ri:instanceType</ref>
+                <!-- This is defined as mandatory in top object class.
+                                     But it is not really mandatory. Well done Microsoft. -->
+                <limitations>
+                    <minOccurs>0</minOccurs>
+                </limitations>
+            </attribute>
+
+            <attribute>
+                <ref>ri:objectCategory</ref>
+                <!-- This is defined as mandatory in top object class.
+                                     But it is not really mandatory. Well done Microsoft. -->
+                                <!-- Be sure to update the suffix/value for your domain !!! -->
+                <limitations>
+                    <minOccurs>0</minOccurs>
+                </limitations>
+                <outbound>
+                    <expression>
+                        <value>CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=example,DC=edu</value>
+                    </expression>
+                </outbound>
+            </attribute>
+
+<!--
+            <attribute>
+                <ref>ri:showInAdvancedViewOnly</ref>
+                <outbound>
+                    <source>
+                        <path>extension/showInAdvancedViewOnly</path>
+                    </source>
+                </outbound>
+            </attribute>
+-->
+            <association>
+                <ref>ri:group</ref>
+                <displayName>AD Group Membership</displayName>
+                <kind>entitlement</kind>
+                <intent>group</intent>
+                <direction>objectToSubject</direction>
+                <associationAttribute>ri:member</associationAttribute>
+                <valueAttribute>ri:dn</valueAttribute>
+                <shortcutAssociationAttribute>ri:memberOf</shortcutAssociationAttribute>
+                <shortcutValueAttribute>ri:dn</shortcutValueAttribute>
+                <explicitReferentialIntegrity>false</explicitReferentialIntegrity>
+            </association>
+
+          <activation>
+            <administrativeStatus>
+                <outbound/>
+            </administrativeStatus>
+          </activation>
+
+          <credentials>
+              <password>
+                  <outbound/>
+              </password>
+          </credentials>
+
+        </objectType>
+
+        <objectType>
+            <kind>entitlement</kind>
+            <intent>group</intent>
+            <displayName>AD Group</displayName>
+            <default>true</default>
+            <objectClass>ri:group</objectClass>
+            <attribute>
+                <ref>ri:dn</ref>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+                <outbound>
+                    <source>
+                        <path>$focus/name</path>
+                    </source>
+                    <expression>
+                        <script>
+                            <code>
+                                'CN=' + name + ',CN=Users,DC=ad,DC=example,DC=edu'
+                            </code>
+                        </script>
+                    </expression>
+                </outbound>
+            </attribute>
+            <attribute>
+                <ref>ri:cn</ref>
+                <matchingRule>mr:stringIgnoreCase</matchingRule>
+                <outbound>
+                    <source>
+                        <path>$focus/name</path>
+                    </source>
+                </outbound>
+                <inbound>
+                    <target>
+                        <path>name</path>
+                    </target>
+                </inbound>
+            </attribute>
+            <attribute>
+                <ref>ri:description</ref>
+                <outbound>
+                    <strength>strong</strength>
+                    <source>
+                        <path>description</path>
+                    </source>
+                </outbound>
+                <inbound>
+                    <target>
+                        <path>description</path>
+                    </target>
+                </inbound>
+            </attribute>
+        </objectType>
+    </schemaHandling>
+
+    <synchronization>
+        <objectSynchronization>
+            <name>Account sync</name>
+            <objectClass>ri:user</objectClass>
+            <kind>account</kind>
+            <intent>default</intent>
+            <focusType>UserType</focusType>
+            <enabled>true</enabled>
+            <correlation>
+                <q:equal>
+                    <q:path>c:name</q:path>
+                    <expression>
+                        <path>$shadow/attributes/sAMAccountName</path>
+                    </expression>
+                </q:equal>
+            </correlation>
+
+            <reaction>
+                <situation>linked</situation>
+                <synchronize>true</synchronize>
+            </reaction>
+            <reaction>
+                <situation>deleted</situation>
+                <action><handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri></action>
+            </reaction>
+            <reaction>
+                <situation>unlinked</situation>
+                <action><handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri></action>
+            </reaction>
+            <reaction>
+                <situation>unmatched</situation>
+<!--                    <action><handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri></action>-->
+            </reaction>
+
+        </objectSynchronization>
+
+        <objectSynchronization>
+            <name>Group sync</name>
+            <objectClass>ri:group</objectClass>
+            <kind>entitlement</kind>
+            <intent>group</intent>
+            <focusType>RoleType</focusType>
+            <enabled>true</enabled>
+            <correlation>
+                <q:equal>
+                    <q:path>c:name</q:path>
+                    <expression>
+                        <path>$shadow/attributes/cn</path>
+                    </expression>
+                </q:equal>
+            </correlation>
+
+            <reaction>
+                <situation>linked</situation>
+                <synchronize>true</synchronize>
+            </reaction>
+            <reaction>
+                <situation>deleted</situation>
+                <action><handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#unlink</handlerUri></action>
+            </reaction>
+            <reaction>
+                <situation>unlinked</situation>
+                <action><handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#link</handlerUri></action>
+            </reaction>
+            <reaction>
+                <situation>unmatched</situation>
+<!--                    <action><handlerUri>http://midpoint.evolveum.com/xml/ns/public/model/action-3#addFocus</handlerUri></action>-->
+            </reaction>
+
+        </objectSynchronization>
+    </synchronization>
+
 </resource>
 
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-role-ad-basic.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-role-ad-basic.xml
new file mode 100644
index 0000000..274ec75
--- /dev/null
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-role-ad-basic.xml
@@ -0,0 +1,18 @@
+<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
+      xmlns:apti="http://midpoint.evolveum.com/xml/ns/public/common/api-types-3" 
+      xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+      xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+      xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+      xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"
+      xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+      xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+      oid="94a5b1b1-b7be-4ee5-a231-3f044d953448">
+    <name>role-ad-basic</name>
+    <inducement id="1">
+        <construction>
+            <resourceRef oid="6597e333-3f18-478d-84e7-58521a5eec2b" relation="org:default" type="c:ResourceType" />     <!-- AD -->
+        </construction>
+        <order>1</order>
+    </inducement>
+</role>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
index 3570a5b..601e34d 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml
@@ -140,7 +140,7 @@
             <lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
             <lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
             <lockoutDuration>PT15M</lockoutDuration>
-            <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType">
+            <valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="e9d96c61-261a-428d-b21a-d4bc359ea9df" relation="org:default" type="tns:ValuePolicyType">
             </valuePolicyRef>
         </password>
     </credentials>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/users/600-user-banderson.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/users/600-user-banderson.xml
index eb6dd26..ed4b7f2 100644
--- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/users/600-user-banderson.xml
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/users/600-user-banderson.xml
@@ -25,7 +25,7 @@
     <familyName>Anderson</familyName>
     <credentials>
         <password>
-            <value>password</value>
+            <value>Password1</value>
         </password>
     </credentials>
 </user>
diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/valuePolicies/100-complex-password-policy.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/valuePolicies/100-complex-password-policy.xml
new file mode 100644
index 0000000..321ffa7
--- /dev/null
+++ b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/valuePolicies/100-complex-password-policy.xml
@@ -0,0 +1,52 @@
+<valuePolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+             xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" 
+             xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" 
+             xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" 
+             xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" 
+             xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" 
+             xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" 
+             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+             oid="e9d96c61-261a-428d-b21a-d4bc359ea9df" version="1" >
+    <name>Complex Password Policy</name>
+    <description>Complex password policy</description>
+    <iteration>0</iteration>
+    <iterationToken/>
+    <stringPolicy>
+        <description>Testing string policy</description>
+        <limitations>
+            <minLength>7</minLength>
+            <minUniqueChars>3</minUniqueChars>
+            <checkAgainstDictionary>true</checkAgainstDictionary>
+	    <checkPattern/>
+            <limit>
+                <description>Alphas-Upper</description>
+                <minOccurs>1</minOccurs>
+                <maxOccurs>10</maxOccurs>
+                <mustBeFirst>false</mustBeFirst>
+                <characterClass>
+                    <value>ABCDEFGHIJKLMNOPQRSTUVWXYZ</value>
+                </characterClass>
+            </limit>
+            <limit>
+                <description>Alphas-Lower</description>
+                <minOccurs>1</minOccurs>
+                <maxOccurs>10</maxOccurs>
+                <mustBeFirst>false</mustBeFirst>
+                <characterClass>
+                    <value>abcdefghijklmnopqrstuvwxyz</value>
+                </characterClass>
+            </limit>
+            <limit>
+                <description>Numbers</description>
+                <minOccurs>1</minOccurs>
+                <maxOccurs>10</maxOccurs>
+                <mustBeFirst>false</mustBeFirst>
+                <characterClass>
+                    <value>1234567890</value>
+                </characterClass>
+            </limit>
+        </limitations>
+    </stringPolicy>
+</valuePolicy>
+
+
diff --git a/Workbench/webproxy/container_files/httpd/index.html b/Workbench/webproxy/container_files/httpd/index.html
index 3643a7d..06ea312 100644
--- a/Workbench/webproxy/container_files/httpd/index.html
+++ b/Workbench/webproxy/container_files/httpd/index.html
@@ -26,7 +26,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 The following repository and message exchange monitoring tools are available:
 <ul>
 <li><a href="https://__CSPHOSTNAME__/rabbit" target="TAP-WB-RABBIT">Rabbit MQ</a></li>
-<li><a href="https://__CSPHOSTNAME__/ldapadmin" target="TAP-WB-LDAPADMIN">LDAP Admin</a></li>
+<li><a href="https://__CSPHOSTNAME__/ldapadmin" target="TAP-WB-LDAPADMIN">LDAP/AD Admin</a></li>
 <li><a href="https://__CSPHOSTNAME__/phpmyadmin" target="TAP-WB-SQLADMIN">SQL Admin</a></li>
 </ul>
 <br />