Is there any Active Directory Connector Update that includes a fix to how a Identity Security Cloud Tenant handles native ou-movement of users?
In the best practice regarding moving users between OUs it is said that “…moving users in AD appears to the system like deleting and adding separate accounts. In addition, IdentityNow cannot simply update the distinguishedName since it is an AD identifier.”
I still gave it a try and it worked for me and the DN is getting updated, the object SID and guid are still the same and my Tenant is able to handle these changes.
I did not see any information about an update regarding this and wanted to ask if someone is able to provide me with more information.
when you say Account ID? can you explain what remained same. I am referring to ISC account ID> please check again. if you click on the account below will be the URL. I am checking on the account_id here …. does it remain same?
I mean the id that is displayed when I search for the identity in {tenant}/ui/a/admin/connections/sources/{source-id}/view/accounts. The id can either be viewed in the table or when accessing the account to view the account attributes. So what I mean by id is the account id that SailPoint gives to the (AD) account.
if you are using AC_NewParent for your OU move then you are good. if not i am pretty sure the account id will change unless something changed on ISC recently. in any case, since account id is not changing after OU move, i dont think there is any issue in your case .