userAccountControl flag attribute synchronization from one active directory to another

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

We have a requirement to synchronize the userAccountControl flag from one active directory to another. Since, by default, the attribute type in the account schema appears to be “Long”, it looks like there is a misalignment between the format of the identity attribute (Can only be either String or Identity as variable type) and the link attribute. Thus, the userAccountControl flag keeps being committed to my target system with the exact value over and over. This significantly affects the performance of our IdentityIQ.

I have tried to twist the Identity Attribute as a “Long” in the identity mapping rule. Even though it’s showing type “Long” after the transform in the identity cube XML, the synchronization still continues.

Do you have any idea about this? Many thanks in advanced.

Did you try this

Where is this from? Is it a community-supported framework or something?

It’s part of SSF - you can find it in SSD documentation
image
you need to look into SSF_FeaturesAndFrameworks_UserGuide

Thank you so much for your input. Our team has tried to update the userAccountControl flag attribute variable type from the default “Long” to “String” and the re-provisioning stopped as expected.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.