We observe that the AD Sync is not happening whenever there is a change in the OU of the User. We are moving the Users OU during Termination and Rehire. However, we have some attributes(like accountExpires) which are expected to be Synched during Termination and Rehire along with OU Movement.
Our question is how to accomodate both the OU movement and corresponding Attribute Sync simultaneously.
If this is not possible, I am looking for some alternative feasible solution.
Also, we have same life cycle state(A) for both joiner and rehire scenarios. How can we distinguish the users for joiner and rehire?
Hi Sai,
Try to achieve this in before provisioning rule. In the Rule you can move the OU as well as change the attribute value you like. Just note that once the OU is moved a Full aggregation is required to bring everything in IdentityNow. Attached link for more details and code.
The OU moves should now be reflected in real time if done via rule, as per this article above. If that isn’t working for you please open a support ticket with Sailpoint for further assistance.