Hi @GutteStolt,
If I understand your requirement correctly, you are looking to identify users who have one or more Active Directory (AD) admin accounts. Once such a user is found, you would like to add them to a specific AD group for normal accounts. Is that correct?
If this is indeed the requirement, the process would involve building a provisioning plan to assign the group to the normal account.
Please refer to the plan below for reference.
```java
import java.util.List;
import sailpoint.api.IdentityService;
import sailpoint.api.Provisioner;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

// "context" is the SailPointContext available to the rule.
Identity identity = context.getObjectByName(Identity.class, "abc");
Application application = context.getObjectByName(Application.class, "AD");

IdentityService idSvc = new IdentityService(context);
List links = idSvc.getLinks(identity, application); // all AD accounts held by the identity

String nativeIdentity = null;    // DN of the normal (non-admin) account
boolean hasAdminAccount = false; // true if any account sits under OU=admin

if (links != null) {
    for (Link adLink : links) {
        String dn = adLink.getNativeIdentity();
        if (dn == null) {
            continue;
        }
        if (dn.toLowerCase().contains("ou=admin")) {
            hasAdminAccount = true;
        } else {
            nativeIdentity = dn;
        }
    }
}

// Provision only when the identity has an admin account and a normal account to modify.
if (hasAdminAccount && nativeIdentity != null) {
    AccountRequest accReq = new AccountRequest();
    accReq.setApplication("AD");
    accReq.setOperation(AccountRequest.Operation.Modify);
    accReq.setNativeIdentity(nativeIdentity);
    // Added once, however many admin accounts the identity holds.
    accReq.add(new AttributeRequest("memberOf", ProvisioningPlan.Operation.Add, "Abc-AD-ADM"));

    ProvisioningPlan plan = new ProvisioningPlan();
    plan.setIdentity(identity);
    plan.add(accReq);

    Provisioner provisioner = new Provisioner(context);
    provisioner.compile(plan);
    provisioner.execute();
}
```