When an account request is submitted and provisioned, for one of the application the request shows Execution Status: Completed but for other application request it shows Execution Status: Verifying and is stuck there even after we run “Perform Identity Maintenance” task.
I have checked docs and community and found few articles where this is happening because pwdLastSet attribute is stuck at committed and not changing Finished or Not Verifiable.
Weird thing is both are AD apps and its happening for only 1 app and other one is working fine.
we are setting value pwdLastSet to true in both apps.
I could have resolved it by removing the pwdLastSet value from prov policy but we need user to reset password on next logon so we have to set this value during account creation.
@aakashpandita You should not be needing a custom task to do that, IIQ should do it automatically for you.
IIQ needs to validate the values of provisioned attribute against the schema attributes after aggregation. If there is a mismatch, then IIq will keep the request in Verifying state and eventually end with Not Verifiable state.
So in your case, could you please confirm what is the value in provisioning vs after aggregation for both apps.
The pwdLastSet value gets changed as soon as it is set in AD. From prov form we are setting it to 0 and as soon as account gets created AD sets it to its Windows timestamp. That is why Perform Identity Request Maintenance is not able to verify this attribute, sue to this mismatch. So I created a separate task to mark IdentityRequest as verified.