AnsweredAssumed Answered

How handle provisioning roles for "Active Directory" endpoint

Question asked by Efren Yanez on Aug 2, 2014
Latest reply on Nov 14, 2016 by Sajidkhan1310831

Hello Community

 

About IdentityMinder ...¿How to handle the cases of provisioning role for "Active Directory" endpoint ?

    The create and delete user are simple cases, but the change that involves moving accounts between "OU" does not work automatically, after remove a provisioning role means that the account will be deleted in the "Active Directory" endpoint and after assign the new provisioning role the account is created. This usually affects the Exchange account  and affects the user emails in Exchange Server
creating an additional problem.  Strong or Weak sincronization doesn't fit the ideal situation of move account and avoid recreate it.

 

An identity policy do the right automatic assign / unassign  but  on the endpoint not necessarily occur in the most convenient way.

 

 

¿ How avoid that the account is deleted on modify user operation (for remove ProvisioningRole member) and instead, ensure that privileges are assigned and automatically moved the account to a different OU if applicable? ¿What has been your experience dealing with this situation

 

 

Efren

Outcomes