I would like to disable the Exchange mailbox a week after the identity's last day (the resignation date). We have a field “LastDate” that refers to the last day of the identity. Understood that we need to change the mailNickname attribute to blank in order to disable the mailbox:
Where do we set the mailNickname to a blank value after 7 days? How do we set it in the Before Provisioning Rule? Understood we need to use the Provisioning Plan to modify the plan; are there any resources that could show me how exactly we can use it?
Currently I am using the RapidSetup Leaver to trigger and execute disabling the AD account and moving the OU.
You can’t do this with just Rapid Setup. You might want to use a separate lifecycle event for it.
Alternatively, in the Rapid Setup leaver options for the application you could set the Add Comment option for ‘Later’ and set the Date to Delay to 7. You could set the AD description attribute as the comment attribute and the comment to something like “Mailbox Disabled”. Then in the application’s Before Provisioning rule, check the ProvisioningPlan that is being processed. If there is an AttributeRequest setting the description to the value you specified (e.g. “Mailbox Disabled”) you can modify the provisioning plan to set mailNickname to null and remove the AttributeRequest that is setting the description, so it never gets set.
May I know if there are any resources or examples on the AttributeRequest settings that I can refer to and learn more from, as this is my first time working with provisioning policies?
The Before Provisioning rule will have access to the ProvisioningPlan (as the ‘plan’ variable). A ProvisioningPlan usually contains one or more AccountRequests, and you can get these in a list with plan.getAccountRequests(). Iterate through these and look for one that has a name of “description” and value of “Mailbox Disabled” (if that’s what you are setting in the comment in Rapid Setup). When you find one, modify the AccountRequest, removing the one that sets the description, and adding one that sets the mailNickname to null. Refer to ProvisioningPlan.AccountRequest and ProvisioningPlan.AttributeRequest in the javadocs for the methods you need.
Here’s some code that should help (not fully tested):
```java
import java.util.List;

import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// 'plan' is the ProvisioningPlan passed in to the Before Provisioning rule.
if (null != plan) {
    List accReqs = plan.getAccountRequests();
    if (null != accReqs && !accReqs.isEmpty()) {
        for (AccountRequest accReq : accReqs) {
            // Marker request created by the Rapid Setup "Add Comment" option, if present.
            AttributeRequest attReqToRemove = null;
            List attReqs = accReq.getAttributeRequests();
            if (null != attReqs && !attReqs.isEmpty()) {
                for (AttributeRequest attReq : attReqs) {
                    // Match the comment value configured in Rapid Setup.
                    if ("description".equals(attReq.getName()) && "Mailbox Disabled".equals(attReq.getValue())) {
                        attReqToRemove = attReq;
                    }
                }
            }
            if (null != attReqToRemove) {
                // Remove after the loop so the list is not modified while iterating;
                // the description is then never written to AD.
                accReq.remove(attReqToRemove);
                // Replace it with a request that clears mailNickname.
                AttributeRequest attReqToAdd = new AttributeRequest();
                attReqToAdd.setName("mailNickname");
                attReqToAdd.setValue(null);
                attReqToAdd.setOperation(ProvisioningPlan.Operation.Set);
                accReq.add(attReqToAdd);
            }
        }
    }
}
```