Hello everyone
I’m having problems with account creation in Active Directory.
When I run an identity refresh with role provisioning, I don’t see the create operation in the provisioning transactions.
However, I see that IIQ has tried to create the account. And when I run the AD aggregation, it appears created.
What’s going on?
Hi @gsierra ,
You can’t see create operation in provisioning transaction if it is role (business role which contains assignment rule and match it) got assigned throw refresh task. That is how it works. It is expected.
Coming to your problem statement, I believe you are passing all the list of required attributes in the provisioning policy form. If not, please check that. And also, please check in AD if the account is created with all attributes you provided or not.
For easily tesing, you can do one. First request the role (if you want, you can remove the assignment rule) from manage user access instead of using refresh task. So that you can check the provisioning transaction in which you can see how many attributes and operations are coming. For this one, the provisioning transactions have the details.
Later, you can use business logic in the assignment rule and add it to the role. It will work.
Hi! @bhanuprakashkuruva
The create operation should appear in the provisioning transaction table even if you use an assignment rule in the business role. I have already tried it in another environment and this is how it is. The problem is that IIQ successfully creates the account in AD, but leaves no records of the operation anywhere.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.