Hi @cinilsunny and @vguleria,
Thank you for the additional feedback. I am making good progress! So far, I have modified the AD source to use the newly created ConnectorAfterModify rule, which is pointing to a PowerShell script that follows a similar syntax to the screenshots previously shared. Then, I added a new account schema attribute for the AD source to use an extensionAttributeX within AD, followed by creating a new attribute sync entry that would map the user type of an account over to extensionAttributeX. A few questions that I have:
1-What is the best way to retrieve the userType when being retrieved as an XML? In the UserTypeChange rule within the AD source, I see the following PowerShell code:
Add-type -path utils.dll;
$sReader = New-Object System.IO.StringReader([System.String]$env:Request);
$xmlReader = [System.xml.XmlTextReader]([sailpoint.utils.xml.XmlUtil]::getReader($sReader));
$requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);
$requestAsString = $env:Request
if($enableDebug) {
LogToFile("Request as XML object is: $requestAsString")
}
Whereas on the PowerShell script provided by the 3rd vendor / SLP for the AfterCreate operation, I see the following (I am using this script as guidance):
$sReader = New-Object System.IO.StringReader([System.String]$requestString);
$xmlReader = [System.xml.XmlTextReader]([sailpoint.utils.xml.XmlUtil]::getReader($sReader));
$requestObject = New-Object Sailpoint.Utils.objects.AccountRequest($xmlReader);
#debug line for testing
if($enableDebug) {
LogToFile("Request object contents:")
LogToFile($requestObject | Out-String)
LogToFile($xmlReader | Out-String)
}
The first block of code, set in the ConnectorAfterModify rule, outputs the results in an XML format, which contains the user type. Whereas the second block of code only provides me with basic information such as DN, attributes being passed from SLP, operation type, and similar. But it does not provide the user type. The key difference that I can see is the `$sReader = New-Object System.IO.StringReader([System.String]$requestString);` line. Where in the first code block, it makes a reference to the environment variable Request, but on the second code block, it does not.
I also tried changing the Sailpoint.Utils.objects.AccountRequest to Sailpoint.Utils.objects.ServiceResult as I thought it would give me a different response, but no luck. I am also attaching a screenshot of the response I am receiving after doing an attribute sync in SailPoint or changing a user’s type from one to another.
2-Is it possible to retrieve the new and old user type on the response from SailPoint? The reason why I ask is because we are not assigning user type anywhere in AD. So I wouldn’t be able to compare to what AD has for user type versus what SailPoint is providing. I just recently added the mapping of the extensionAttributeX to the user type in the sandbox environment. I was hoping to be able to get the new and old values on the user type from SailPoint directly so that I can do a comparison and if it doesn’t match, move forward with the mailbox creation.
Thank you,
Ricardo Then