If you think this should be handled Out Of The Box by the CA Identity Manager product, please don't hesitate to contact me directly so that I can open up an enhancement request with product management on your behalf.
The supported method is to create a new endpoint to match the new name of the server since much of the product will utilize the hostname within LDAP to associate and bind to its underlying objects (account templates, roles, users etc.). In the interests of keeping your provisioning store stable, consistent and error free, you should simply delete the old endpoint, re-acquire the endpoint with the new name and run an explore / correlate on it, update your roles, templates to use the new endpoint name.
Workarounds to this problem have been researched / implemented, but will result in mismatched machine name references that will be confusing over time. It's like pointing to the moon, but in reality we're pointing at mars. Here's some crib notes on how the name change might be implemented, if not utilizing the supported method.
Following workaround can be used to bypass the GUI impediment of not being able to change the hostname.
Steps to change the ADS primary server name: (thr@o@@ugh Directory NOT using provisioning GUI)
=====================================================
Concerning how to change the hostname of the ADS, you can follow the below steps. Note this is for the host name and not the ADS endpoint name which is just a handle/alias and which cannot be changed to due its use in account/user inclusions and references in templates, explore definitions, etc. Please check to make sure you are using the values proper for your environment:
Run the following ldapmodify command against the Provisioning Server:
ldapmodify -h HOST -p 20389 -D "eTGlobalUserName=USER,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -f in.ldif
where in.ldif contains
dn: eTADSDirectoryName=MyAD,eTNamespaceName=ActiveDirectory,dc=im,dc=eta changetype: modify replace: eTADSprimaryServer eTADSprimaryServer: new_host
-
replace: eTADSServerName eTADSServerName: new_host
-
replace: eTADSAuthPwd eTADSAuthPwd: password_to_connect_to_ad
-
delete: eTADSbackupDirs
You will then want to restart all C++ Connector Server and then hit the Refresh DC list button in the Provisioning Manager on the acquired ADS endpoint property page.
Be sure you put proper passwords into the LDIF file for the ADS user.
Also make sure you have a valid SSL cert for the new DC.
Please respond with any questions or concerns.
Thank you.
Regards,
Chris Thomas
CA Technologies
Principal Support Engineer
Identity Minder Reporting Expert
Tel: +1-631-342-4360
Chris.Thomas@ca.com
https://communities.ca.com/web/Chris_Thomas/profile