Setting "AccountNotDelegated" account property in Active Directory Application

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Hi All,

We have a requirement in the Active Directory application where we need to set the “AccountNotDelegated” account option while creating the user. We are setting the option in the provisioning plan, but after creating the user, that option is not selected. Can anyone please help us resolve this issue?

Thanks,
Prathyusha

Hi @Prathyusha_174,

Could you try printing the plan XML here? Also, check if you are receiving any errors in the IQService logs.

Thank you!

@Prathyusha_174

How are you setting this in the plan? Can you give more details?

I believe you should use a Native Rule PowerShell script to do this; you cannot set it directly in the plan. Can I know which target attribute you are using in the plan?

Hi @officialamitguptaa ,

We are not receiving any errors in the plan, but we are able to see a different value in the plan for the attribute. In the attribute request we are setting a Boolean value (true), but in the plan in the IQ service logs we are able to see the attribute value as a string variable (“CHECK CONFIG”).

But in the code we are setting it like this:

acctReq.add(new AttributeRequest("AccountNotDelegated", ProvisioningPlan.Operation.Set, true));

Thanks,
Prathyusha

Hi @iamksatish ,

We are setting the plan like this:
acctReq.add(new AttributeRequest("AccountNotDelegated", ProvisioningPlan.Operation.Set, true));

We are using the “AccountNotDelegated” attribute.

Thanks,
Prathyusha

Do you have any existing Native Rule for the AD application?

If you already have one, do the following under the create operation condition.

If not, please create a native rule on Create and set the value, where username below should be the user's sAMAccountName.

Set the AccountNotDelegated attribute

Set-ADUser -Identity 'username' -AccountNotDelegated $true

@iamksatish We are able to set some other account attributes also via the provisioning plan only.

i.e. pwdLastSet (“user must change password at next login”); this is also an account option.

Thanks

I know, but a few of the AD attributes have limitations with the connector, and this is not a regular attribute we use. Anyhow, let me explore from the provisioning plan, but a Native rule will definitely work in this case.

Also, just a wild try: can you set it in the plan as the String “true” and see how it behaves? (I know at the target it is a Boolean; this is just a try based on earlier experiences with other fields.)

@Prathyusha_174 -

You can use a runAfterScript Native rule to achieve the same.
Sample PowerShell looks like the below:

# Replace 'username' with the actual username of the account you want to modify
$username = "username"

# Retrieve the user object
$user = Get-ADUser -Identity $username

# Set the AccountNotDelegated property to $true
$user | Set-ADUser -AccountNotDelegated $true

You will get more details on how to use native rules for AD here.
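
Since the problem in this thread is the option silently not being applied, here is a sketch (an added example, not part of any reply above and not SailPoint's code) that sets AccountNotDelegated and then reads the account back, checking both the property and the NOT_DELEGATED bit (0x100000) of userAccountControl. The function name and the sample account name are hypothetical; how the native rule obtains the sAMAccountName from the request is not shown.

```powershell
# Added example. Requires the ActiveDirectory (RSAT) module on the IQService host.
Import-Module ActiveDirectory -ErrorAction Stop

# userAccountControl bit behind "Account is sensitive and cannot be delegated"
$NOT_DELEGATED = 0x100000

function Set-NotDelegatedAndVerify {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [string]$Server   # optional: pin one DC so the read-back sees the write
    )

    # Make every AD call terminate on error instead of continuing silently
    $common = @{ ErrorAction = 'Stop' }
    if ($Server) { $common.Server = $Server }
    $props = 'AccountNotDelegated', 'userAccountControl'

    $user = Get-ADUser -Identity $SamAccountName -Properties $props @common

    # Idempotent: only write when the flag is not already set
    $changed = $false
    if (-not $user.AccountNotDelegated) {
        Set-ADUser -Identity $user.DistinguishedName -AccountNotDelegated $true @common
        $changed = $true
    }

    # Read back and confirm the flag at the attribute level
    $check  = Get-ADUser -Identity $user.DistinguishedName -Properties $props @common
    $bitSet = ($check.userAccountControl -band $NOT_DELEGATED) -ne 0
    if (-not ($check.AccountNotDelegated -and $bitSet)) {
        throw "AccountNotDelegated not set on $SamAccountName (userAccountControl=$($check.userAccountControl))"
    }

    [pscustomobject]@{
        SamAccountName      = $check.SamAccountName
        Changed             = $changed
        AccountNotDelegated = $check.AccountNotDelegated
        UserAccountControl  = '0x{0:X}' -f $check.userAccountControl
    }
}

# Constructed sample call; 'jdoe' is a placeholder account name
# Set-NotDelegatedAndVerify -SamAccountName 'jdoe'
```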

@Prathyusha_174
This is what I am saying: you can achieve it in a Native rule for sure, but anyhow please try once what I mentioned above as well.
