Distribution list creation in Sailpoint IIQ

How can we create the distribution list with the below exchange options

Uncheck “Automatically update email address based on email address policy“

@satheeshv -Could you explain the exact use case requirement?

Perform the below steps:

1. Go to Entitlements Catalog

image690×499 29.5 KB

2. Click new entitlement

image690×481 20.1 KB

3. Select your AD application and type = Group

image690×472 21.6 KB

4. Go to Object Properties and in Group Types you can select DistributionList

image690×499 20.5 KB

You can create a DL group type using the API that is listed below:

ProvisioningPlan plan = new ProvisioningPlan();
plan.setTargetIntegration("<App Name>");

//Set Object Request
ProvisioningPlan.ObjectRequest oR = new ProvisioningPlan.ObjectRequest();
oR.setApplication("<Appname>");
oR.setnativeIdentity("<GroupName>");
oR.setOp(ProvisioningPlan.ObjectOperation.Create);
oR.setType("group");

oR.add(new AttributeRequest("displayName", ProvisioningPlan.Operation.Set, "<groupName>");
oR.add(new AttributeRequest("mailNickname", ProvisioningPlan.Operation.Set, "<groupName>");
oR.add(new AttributeRequest("description", ProvisioningPlan.Operation.Set, "<test>");
oR.add(new AttributeRequest("groupTypes", ProvisioningPlan.Operation.Set, "<DistributionList>");

plan.add(oR);
Provisioner pro = new Provisioner(context);
pro.setSource("TargetAggregation");
pro.setNoCreateTemplates(false);
Attributes args = new Attributes();
args.put(“optimisticProvisioning”, true);
ProvisioningProject newProject = pro.compile(plan, args);
pro.execute(newProject);

Need a distribution list to be created like below

Uncheck “Automatically update email address based on email address policy“

image541×398 35 KB

@satheeshv -
Thanks for the clarification. Could you tell me how you’re currently creating DLs from IIQ (pure AD connector + Exchange/powershell script)? or How?

Powershell script not used.

creating DL by provisioning plan.

Hi @satheeshv based on my knowledge/understanding “which you need to validate it - because maybe it’s outdated“ this option is not an attribute based thing, so you need to run a PowerShell script to achieve it either via after script (native rule) or after provisioning rule…

Untested, but you could try mapping AD attribute msExchPoliciesExcluded with static value “{26491CFC-9E50-4857-861B-0CB8DF22B5D7}" which I understand excludes all Policies.

@satheeshv -

In your provisioning Plan set the value of msExchPoliciesExcluded attribute to {26491cfc-9e50-4857-861b-0cb8df22b5d7}.

Purpose: You can specify that the e-mail addresses must be updated based on recipient policy. If it is assigned a value 26491CFC-9E50-4857-861B-0CB8DF22B5D7, it means that auto policy is unchecked. When it is empty, it indicates that auto policy is enabled.

Reference - Manage and view msExchPoliciesExcluded attribute value using ADManager Plus

Let me know if you encounter any issue.

Thank you

@amit_1140 and @j_place this is interesting and super useful if it’s works…

@satheeshv would you mind let us know if you tested @amit_1140 & @j_place solution?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.