Active Directory Before Provisioning Rule - No logs generated for Troubleshooting

Hello Everyone,

We are faced with an issue where we are unable to identify if the BeforeProvisioningRule patched to an AD source is getting triggered or not.

We have patched the rule to the AD source using the patch API:

[
    {
        "op": "add",
        "path": "/beforeProvisioningRule",
        "value": {
            "type": "RULE",
            "id": "<<Rule_id_here>>",
            "name": "AD RBA CORP Before Provisioning Rule"
        }
    }
]

Our rule contains logic to change the user OUs in the target AD application based on the Account Sync enabled attributes. We are trying to get the account requests from the provisioning plan, modify the attribute request to contain an “AC_NewParent” attribute, and return it to the account request.

The problem that we’re facing here is that we’re unable to identify if the rule is getting triggered because even if the account sync attribute values are changing, we do not see any OU movement (which should ideally happen via the BeforeProvisioningRule).

Can someone please help us with your feedback on this?

Thanks in advance.

Regards,
Arshad.

If you get the AD source via the API, does it show that your rule is configured as the beforeProvisioningRule? If it does, the rule should definitely be running before any provisioning.

Logging in BeforeProvisioning rules is limited. As I understand it, this is done on purpose to keep sensitive information in the ProvisioningPlan (like passwords) from being written to logs in clear text. When I need more visibility into a BeforeProvisioning rule at runtime I usually add a bit of logic to provision something into an unused attribute on the account. I’ve used the info attribute for AD in the past. Just don’t try to write huge amounts of data or even long strings to the field. I usually go with some kind of result code that I can then use to determine what’s going on at run time with my rule. Just don’t forget to remove that code once you’ve worked out your logic.
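
The result-code technique described in the reply above, sketched as an added example that is not part of the original posts or any vendor's code. It assumes a BeanShell rule whose runtime supplies a `plan` variable of type sailpoint.object.ProvisioningPlan; the "BPR:nn" code strings are constructed for illustration.

```java
// Added illustration, not code from the thread. Assumption: the rule runtime
// supplies `plan` (a sailpoint.object.ProvisioningPlan). Place this at the
// END of the rule, after the OU logic has run.
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// Fixed, short result codes only (constructed values). Never copy values
// from the plan into the marker: the plan can carry passwords and other
// sensitive attributes, which is why logging is limited in the first place.
String NO_OU_CHANGE = "BPR:01"; // rule ran, no AC_NewParent on the request
String OU_MOVE_SET  = "BPR:02"; // rule ran, AC_NewParent is on the request

if (plan != null && plan.getAccountRequests() != null) {
    for (AccountRequest req : plan.getAccountRequests()) {
        // Only mark Modify requests; Create/Delete/etc. are left untouched.
        if (!AccountRequest.Operation.Modify.equals(req.getOperation())) {
            continue;
        }

        // Record the outcome of the OU logic without reproducing it here:
        // did the rule attach an AC_NewParent attribute request or not?
        String code = (req.getAttributeRequest("AC_NewParent") != null)
                ? OU_MOVE_SET
                : NO_OU_CHANGE;

        // Temporary debug marker written to the AD "info" attribute.
        // Remove this block once the rule logic has been worked out.
        req.add(new AttributeRequest("info", ProvisioningPlan.Operation.Set, code));
    }
}
```

If the info attribute on a modified account stays empty after provisioning, the rule did not run for that request; "BPR:01" means it ran but the OU logic never added AC_NewParent.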