AD account moves

After some back and forth with support about why running unoptimized aggregations after account moves has resulted in duplicate accounts, they’ve come back and said manual moves in AD are not supported.

Does anyone have any suggestions on how to enable ad-hoc account moves via IDN?

Hey @tomkelly!

This wiki article might be able to help you come up with a solution. It explains some of the best practices for managing account moves in IDN and CN naming. I know you were specifically asking about account moves outside of IDN, but this might help better explain why duplicates are getting created in your situation.

If you are manually moving accounts in AD, you would want to make sure an aggregation is run on the AD source before any provisioning occurs for the identity (authoritative source aggregation, role provisioning, access requests, etc.), as this could lead to a duplicate being created or the provisioning actions failing.

Please let me know if this helps!

  • Zach
1 Like

Hi Tom,
If you’re looking to prevent duplicate account creation after an account is moved outside of ISC, there are a few suggestions in this recent post: New AD Account Created during AD Aggregation

