• State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 93 subscribers
  • Views 3314 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to push back attributes computed by template during Synchronisation ?

henri.lefevre
over 5 years ago

Hello,

I am working on an Active DIrectory on which I am provisioning accounts. The accounts are pushed in a generic OU.

They are moved to their final OU by the administrators of the Active Directory domain.

When synchronizing back this final OU I am computing some attributes using templates such as SharedAs@ADSAccount, HomeDrive@ADSAccount, etc. and I want those attributes to be pushed back to Active Directory during the synchronization (The one gathering the new OU or the next one).

This never occurs, it seems that the AD connector does not take the templates computations into account (and the process ADS_ADSAccount_Update/(De-)activate does not generate because of the FULLSYNC condition).

In the next synchronizations the fields are not taken into account.

Is there a way to setup the connector such as it sees that templates are executed and pushes the new values to the Target System during the synchronization ?

 

Best Regards,

  • 0 over 5 years ago
    Hi Henri,

    HomeDrive is already mapped, by default, for user objects, but SharedAs is not.

    The condition for HomeDrive is: if it's NOT a full sync, then do this. What have you used for your template?

    For SharedAs you will need to add the mapping as well. And what have you added as a template?

    Thanks
  • 0 over 5 years ago
    Dear Trevor,

    Thanks for the reply,

    I have actually no issue with Templates.

    The synchronization occurs, gathers the new dn and computes the HomeDrive/HomePath correctly. SharedAs is only usef in the computation of HomeDrive and I do not want to push it in AD.

    The issue is that the AD connector does not pushes back the values computed by my templates (I removed FULLSYNC and used custom business rules for computation).

    I tried to build a specific mapping (Going from OIM to the AD) based in user with only the attributes I want to push back in AD. I added this mapping in the Initial synchronization workflow but this does not work.

    I will try to fire an event UPDATE on the ADSAccount entries with an updated dn during synchonization such as it generates an ADS_ADSAccount_Update...process. I will also modify the ForceSyncOf (of stg like that) in the ADHocProjection step in order to add my attibutes into the list.

    I am not sure that this is a clean solution/That it will work and I was looking for a standard solution !
  • 0 over 5 years ago in reply to henri.lefevre

    Actually a colleague gave me a suitable solution to compute templates during Active Directory synchronization:

    • The templates have to be protected by FULLSYNC 

    • A process runs on the modified ADSAccount provided that FULLSYNC (This variable is only seen by the Generating condition of the process) is true and that UID_ADSContainer@ADSAccount changes.

    • The process has a unique ExecuteTemplate step which computes the new values of the fields on the ADSAccount entry

    • Then the process ADS_ADSAccount_Update... runs as it is not impacted by the FULLSYNC protection this way

    This works !

  • 0 over 5 years ago in reply to henri.lefevre

    Thanks for sharing. This is definitely the way to solve this.