Active Directory OU Movement from Disable OU to Original OU

Hi,
I am working on a use case. I could successfully do the AD OU movement when the lifecycle state changes to inactive. (The account gets moved to OU=Disabled OU using AC_NewParent.)
Now for the same account, if lifecycle state becomes Active, AD account is getting enabled but staying in the “Disabled OU”.

Is there any way we can move the AD account back to the Active state OU using provisioning policies?

Any insights are welcome.

Thanks
Vaibhav

It sounds like you need to have an identity attribute with a transform that calculates the correct OU as described in the best practice article, then have AC_NewParent set based on that identity attribute.

2 Likes

Hi @Mark Cheek
I tried that. It works when I add the AC_NewParent attribute in the DISABLE policy, but does not work when I add the AC_NewParent attribute in the Enable policy.

Can you post an example of your configs? I’ve never had a problem with it with something like the following:

{
    "name": "Enable",
    "description": null,
    "usageType": "ENABLE",
    "fields": [
        {
            "name": "AC_NewParent",
            "transform": {
                "attributes": {
                    "name": "adOrganizationalUnit"
                },
                "type": "identityAttribute"
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        }
    ]
}

You could run into a problem with distinguishedName conflicts if the CN is not unique, so that’s something to check, but probably a lower-likelihood issue.

2 Likes
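
Added example, not part of the thread or of any SailPoint code: a pre-check for the distinguishedName conflict mentioned in the reply above, run before accounts are moved back out of the disabled OU. The function names, the `DC=example,DC=com` suffix and all sample DNs are constructed for illustration.

```python
from collections import defaultdict

def split_dn(dn):
    """Split a DN at its first unescaped comma into (leaf RDN, parent DN)."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if dn[i] == ",":
            return dn[:i].strip(), dn[i + 1:].strip()
        i += 1
    return dn.strip(), ""

def norm(dn):
    # AD compares DNs case-insensitively, so compare on a case-folded form.
    return dn.casefold()

def find_move_conflicts(moving, existing, target_ou):
    """Return {new DN (case-folded): [source DNs]} for moves that would clash."""
    # DNs already occupied directly under the target OU.
    taken = {norm(dn) for dn in existing
             if norm(split_dn(dn)[1]) == norm(target_ou)}
    claims = defaultdict(list)
    for dn in moving:
        rdn, parent = split_dn(dn)
        if norm(parent) == norm(target_ou):
            continue  # already in the target OU, nothing to move
        claims[norm(f"{rdn},{target_ou}")].append(dn)
    # Conflict: the new DN is already taken, or two movers want the same DN.
    return {new: srcs for new, srcs in claims.items()
            if new in taken or len(srcs) > 1}

# Constructed sample data (assumed directory layout, not from the thread).
TARGET = "OU=Users,DC=example,DC=com"
EXISTING = [
    "CN=Jane Doe,OU=Users,DC=example,DC=com",
    "CN=Smith\\, John,OU=Users,DC=example,DC=com",
]
MOVING = [
    "CN=jane doe,OU=Disabled OU,DC=example,DC=com",       # same CN already in target
    "CN=Smith\\, John,OU=Disabled OU,DC=example,DC=com",  # escaped comma in the CN
    "CN=Alex Roe,OU=Disabled OU,DC=example,DC=com",       # unique, safe to move
    "CN=Sam Lee,OU=Disabled OU,DC=example,DC=com",        # two movers share this CN
    "CN=Sam Lee,OU=Contractors,OU=Disabled OU,DC=example,DC=com",
]

if __name__ == "__main__":
    for new_dn, sources in find_move_conflicts(MOVING, EXISTING, TARGET).items():
        print(f"conflict on {new_dn}: {sources}")
```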

Hi Kevin,
Thanks,
It is resolved using the Enable policy; I was editing the AC_NewParent in the CREATE policy instead…
