Possible for identity attribute sync if no changes in identity?

Which IIQ version are you inquiring about?

8.4

Share all details about your problem, including any error messages you may have received.

Hi all,

I have an Active Directory application, and I would like the unique ID in the identity to be synced to one of the AD application attributes to update it.

To better illustrate what I want to achieve:

Before

AD application distinguishedName => cn=full name, ou….

After

AD application distinguishedName => cn=UID, ou….

Can I use identity mappings and attribute sync task to achieve this even if there is no change in identity unique id value? Or are there any other possible ways to achieve this?

Any help will be appreciated!

Here I don’t see any authoritative source mapping configured. How are you making sure that the unique ID value changes?

If there is some change and it is coming via aggregation, then this attribute sync will get triggered via the refresh identity task with the proper option selected, i.e. Synchronize Attribute.

Another way to trigger the attribute synchronisation is to update the unique ID via the UI page. As soon as you change the value through the UI, this trigger will take place.

Hi @msingh900, I have an authoritative setup; I just mosaicked it out. However, my deeper question would be: if there is no change to the identity attribute, then it is not possible to use this method to update the distinguishedName?

The purpose of this is that previously the application accounts were created with the full name, but now we would like to change them to use the UID. So we were wondering if we can leverage any OOTB features to sync the attribute down to the end application even if there is no change in the identity attribute?

If no attribute change occurs in IIQ, the attribute sync will not trigger to update the target application. IIQ avoids unnecessary writes to connected applications unless there’s a delta.


@shijingg

Instead, you can create a custom Rule Runner task to update the DN in the AD application. For the existing users, this will update the DN, as this process will be one time, and for the new users Attribute Sync will take place and do the work.

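A one-time rule along the lines suggested above could look like the following BeanShell sketch. It is an added example, not code from any poster in this thread. The application name `Active Directory` and the identity attribute name `uid` are assumptions, and `AC_NewName` is the AD connector's rename attribute. It defaults to a dry run that only logs the intended renames, and it skips any UID that would need DN escaping.

```java
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import sailpoint.api.Provisioner;
import sailpoint.object.Filter;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.object.ProvisioningPlan;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;
import sailpoint.object.QueryOptions;

String APP_NAME = "Active Directory"; // assumption: your AD application name
String UID_ATTR = "uid";              // assumption: identity attribute holding the unique ID
boolean DRY_RUN = true;               // log only; set to false to provision

// Collect link ids first so decaching inside the loop cannot disturb the cursor.
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq("application.name", APP_NAME));
Iterator rows = context.search(Link.class, qo, "id");
List ids = new ArrayList();
while (rows.hasNext()) ids.add((String) ((Object[]) rows.next())[0]);

int renamed = 0;
int skipped = 0;
for (int i = 0; i < ids.size(); i++) {
    Link link = context.getObjectById(Link.class, (String) ids.get(i));
    Identity identity = (link == null) ? null : link.getIdentity();
    String dn = (link == null) ? null : link.getNativeIdentity();
    Object uid = (identity == null) ? null : identity.getAttribute(UID_ATTR);
    // Skip orphans, missing values, and UIDs containing DN special characters.
    if (dn == null || uid == null || !uid.toString().matches("[A-Za-z0-9._-]+")) {
        skipped++;
        continue;
    }
    String newRdn = "CN=" + uid;
    if (dn.toLowerCase().startsWith(newRdn.toLowerCase() + ",")) continue; // already renamed
    log.info((DRY_RUN ? "[dry run] " : "") + "Rename " + dn + " -> " + newRdn);
    if (!DRY_RUN) {
        ProvisioningPlan plan = new ProvisioningPlan();
        plan.setIdentity(identity);
        AccountRequest req = new AccountRequest(AccountRequest.Operation.Modify, APP_NAME, null, dn);
        req.add(new AttributeRequest("AC_NewName", ProvisioningPlan.Operation.Set, newRdn));
        plan.add(req);
        new Provisioner(context).execute(plan);
    }
    renamed++;
    context.decache(); // keep the Hibernate session small on large populations
}
return "Renamed: " + renamed + ", skipped: " + skipped + (DRY_RUN ? " (dry run)" : "");
```

Review the dry-run log before setting `DRY_RUN` to false, and run an account aggregation afterwards so the links reflect the new DNs.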
