AD provisioning not working

Hi all,

We are trying to update extensionattribute6 in AD through refresh. The attribute is set as the target for an identity attribute “employeetype”.

This is not working when we refresh the user in UAT. But with the same configuration, we are able to update the attribute in Production environment.

Are we missing somewhere to look in UAT?

Thanks in advance

Hi @rishavghoshacc ,

Please enable the Synchronize attributes option in your Refresh Identity task. Therefore the values will be provisioned to the target application.

@Vinodcsod the option is already checked on both the environments

Please check your AD schema attributes, whether you added that Extension-Attribute, and verify the target mappings in Identity mapping of that particular attribute. And restart your Tomcat server and try again.

Hi @rishavghoshacc Are other synchronised attributes getting updated on refresh? Any log messages would be useful here. I find it hard to think it’s this, but per-attribute permissions can get set on AD, IIRC.

@Vinodcsod the attribute is set in the schema attribute in both the environments

@j_place I feel it might be a permission issue with the attribute. Any idea how we can check this?

Hi @rishavghoshacc,

Did you set up the Target Mapping for the employeeType identity Attribute?
How is the Attribute synchronization configured?
Could you please share the screenshot of the employeeType Identity Attribute from Identity Mapping?

@Arun-Kumar The target mapping is set to point to the extensionattribute1 of AD. And Provision All accounts is set to true.

Hi @rishavghoshacc As with all AD integrations I would recommend using an LDAP client (such as LDP.EXE) with the service account credentials to check the connector permissions. Per-attribute permissions can be viewed using ADUC.
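
The permission check suggested above can also be scripted instead of clicked through in LDP.EXE. This is an added example, not part of any reply in this thread: it binds as the connector service account and reads AD's constructed `allowedAttributesEffective` attribute to see whether that account may write the target attribute in each environment. The domain controller host names and the test account name are placeholders (assumptions).

```powershell
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Bind as the same service account the IIQ AD connector uses.
$cred = Get-Credential -Message 'IIQ connector service account'

# Both attribute names appear in the thread, so check both.
$attributes = 'extensionAttribute6', 'extensionAttribute1'

# Placeholder servers and test account; replace with your own.
$targets = @(
    @{ Env = 'UAT';  Server = 'uat-dc.example.test';  User = 'test.user' }
    @{ Env = 'PROD'; Server = 'prod-dc.example.test'; User = 'test.user' }
)

$results = foreach ($t in $targets) {
    $query = @{
        Identity    = $t.User
        Server      = $t.Server
        Credential  = $cred
        # allowedAttributesEffective is computed by AD for the bound identity,
        # so it is only returned when requested by name.
        Properties  = @('allowedAttributesEffective') + $attributes
        ErrorAction = 'Stop'
    }
    try {
        $u = Get-ADUser @query
    } catch {
        # Also fires if the attribute is not defined in this forest's schema.
        Write-Warning "$($t.Env): lookup failed: $($_.Exception.Message)"
        continue
    }
    foreach ($a in $attributes) {
        [pscustomobject]@{
            Environment  = $t.Env
            Attribute    = $a
            CurrentValue = $u.$a
            Writable     = $u.allowedAttributesEffective -contains $a
        }
    }
}

$results | Format-Table -AutoSize
```

A row with `Writable` False in UAT but True in PROD points at a per-attribute ACL difference; True in both means the cause is on the IIQ side (mapping, transformation rule, or task options).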

Hi @j_place I don't see the attribute in the transactions also. I assume even if this is a permission issue, we should at least be able to see the attribute on the transaction, right?

Exactly. Like I say above, I think it unlikely to be permissions, just worth mentioning. 2 things: you mention extensionAttribute6 in the OP and extensionAttribute1 in the screen shot. Also, is there a transformation rule on the attribute? - if so, do you know it’s working correctly and not returning null?
For reference, I still strongly recommend the use of an LDAP client to check the interface prior to/in parallel with configuring of IIQ. I use it as a quality check - manually create an account with the expected configuration using LDP then check with the AD guys that that is what they expect.

Hi @rishavghoshacc

  1. Compare application and attribute mappings between UAT and Production.
  2. Verify the Refresh Identity task configuration.
  3. Check logs for any errors or skipped attributes.
  4. Test with a manual provisioning request in UAT.

By systematically comparing configurations and logs between environments, you should identify and resolve the discrepancy in updating extensionAttribute6. Let me know if you need further clarification!