Hi Team,
Looking for Movers LCS when ever a user manager is changed then it should update manager in Active directory ?
how can we achieve this ?
do we have a workflow that could update a AD ?
Thanks,
Osman
Hey OSman, Yes we can achieve that.
If you just looking into updating the manager DN you can have a Attribute Sync to do that.
have the manager DN as a Identity Attribute and sync with the AD manager field.
There is any other use case you need to do?
thats how we already have a setup from idn to AD to sync DN and what we want is to update manager name from idn to AD, we dont have a attr sync for it. any ideas
@osmanmohammed you have to build two identity attribute
1- ADdn- which will hold the dn of the ad
2-Manager dn which will hold the manager dn value for manager dn you can use the below transform as static and put this value
"attributes": {
"value": "$identity.manager.attributes.ADdn"
},
"type": "static",
"name": "Static Transform"
}
type or paste code here
then later use it as sync attribute to managerDN in ad
2 Likes
Hi @osmanmohammed,
To get the manager name synced to AD, first you need to bring in the manager name as an Identity attribute. You can create a new Identity attribute as Manager Display name and map the below transform to it :
{
"name": "Get Manager Name",
"type": "rule",
"attributes": {
"name": "Cloud Services Deployment Utility",
"operation": "getReferenceIdentityAttribute",
"uid": "manager",
"attributeName": "displayName"
},
"internal": false
}
You can call any of the required manager attribute in the attributeName section based on your requirement.
Once you see the manager display name reflecting under the Identities, you can map this Identity attribute in the Account create policy of the source to the corresponding source attribute.
The attribute will then be available for attribute sync and you can select the attribute sync checkbox to activate it.
Theres is a special field for the name? Just create the attribute on the identity with the manager name and sync with ad . ez pizi lemon squeeze
As mentioned by other fellow ambassadors, the best practice is to use two identity attribute identity AD DN and manager AD DN, and then configure the manager AD DN attribute in the attribute sync list.
But the attribute sync is not an option for you, then you may try the below approach where you can call the powershell script via workflow and pass the manager information along with user’s information. And when ever the manager is updated on identity, then you can try to call the powershell script to update the managers in AD directory.
Please note that i have not personnally tried this option, but you can try it and let us know if it works for you.
I hope this works for you.
Thank You.
Regards
Vikas.