ssel
June 25, 2025, 9:52am
1
Hi,
I would like to update the below attributes in AD when the account is disabled by the provisioning policy.
j_place
June 25, 2025, 10:58am
2
Hi @ssel - I believe the attributes msExchHideFromAddressLists, and showInAddressBook are available for LDAP updates, so shouldn’t need the PowerShell, just map the attributes.
1 Like
ssel
June 25, 2025, 3:43pm
3
Sorry, I am little confused, can you please tailor the explanation? below is my velocity script that’s being used in disable provisioning policy,#if ($event =="terminated")$true#end”#if ($event =="terminated")$null#end”
j_place
June 25, 2025, 4:05pm
4
Hi @ssel I’m going to assume that your current DISABLE provisioning policy is working at the moment, albeit without the Hide From Address Lists?
Something like this should also set the msExchHideFromAddressLists (I would start with that):
{
"name": "DISABLE",
"description": "string",
"usageType": "DISABLE",
"fields": [
{
"name": "AC_NewParent",
"transform": {
"attributes": {"value": "OU=Disabled Accounts,OU=Disabled User Accounts, DC=uat,DC=org"},
"id": "AD Leaver Disable Transform",
"type": "static"
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "description",
"transform": {
"type": "static",
"attributes": {
"date": {
"type": "substring",
"attributes": {
"begin": 0,
"end": 10,
"input": {
"type": "dateMath",
"attributes": {
"expression": "now",
"roundUp": true
}
}
}
},
"value": "Disabled by IDN on $date"
},
"internal": false
},
"attributes": {},
"isRequired": false,
"type": "string",
"isMultiValued": false
},
{
"name": "msExchHideFromAddressLists",
"transform": {
"type": "static",
"attributes": {"value": "TRUE"}
},
"attributes": {},
"isRequired": false,
"type": null,
"isMultiValued": false
}
]
}
ssel
June 25, 2025, 4:09pm
5
Jeremy Place:
TRUE
Thanks, I will give it a try.Also any idea for clearing the showInAddressBook?
j_place
June 25, 2025, 4:20pm
6
I was always under the impression that Exchange would sort that out after the Hide From Address Lists was set, but I see some posts saying that you also need to clear the Show In Address Books. I would suggest see how you get on just with that (give it a while for Exchange to catch up). Can I ask you in Hybrid Exchange/Hybrid Identity modes?
ssel
June 25, 2025, 4:47pm
7
Unfortunately we don’t have a test exchange server so I cannot test it out…I can check only in on prem AD since we run in a hybrid environment, meaning on prem AD synced with Azure AD and then to Exchange, hoping that the attributes will set the way it’s supposed to.
j_place
June 25, 2025, 5:41pm
8
Im not entirely sure from your answer whether you are in Exchange hybrid mode. I ask coz the Show in Address Books attribute only has a bearing for on-prem Exchange. If I were you, before setting the prov policy, I would set the msExchHideFromAddressLists attribute manually to true on a live ad user and see if you get the results you’re after.
ssel
August 1, 2025, 7:45pm
9
Thank you so much, that makes sense.
I would say check standard before provisioning rule which is written by Sailpoint . It would be easy to handle using that rule
system
September 30, 2025, 7:53pm
11
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.