Symantec IGA

Hi Folks!!

I had to configure, some PX Policy, to catch when some User multi-valued attribute where im saving the SMTPs proxy addresses of an Active Directory Account. I trying to send this values to the eTADSproxyAddresses of the Active Directory user account, but as the SMTP address on these directory, has a colon to separate the SMTP from the email address, the PX policy, sends the next error:

JSON --> Generated By Policy Xpress: Failed to execute ModifyActiveDirectoryAccount. ERROR MESSAGE: Invalid JSON data at line 1 column 1

I was tried to escape the colon character as in java like with something like  \:, but the result was the same.

Im got this configuration of the policy,

And here it is where everything is falling down.

so if you have already work with some attribute with this considerations, i wil be glad to read your answer.

Thanks!

Hi,

My suggestion:-

Using Active Directory Users and Computers (MMC) update your account with SMTP addresses.

Then use the PX to "GET" the value been assigned to this user. From there you can see the format been used for eTADSproxyAddresses.

Hi William, the thing is, that im uploading the information of the SMTP addresses, into one attribute that im assigning into the User Store of my Identity manager environment throgh an bulk task, and i wish to update 1500 users that they don't had assigned any Provisioning Role.

I was think like you, to upload the data into the AD, and run a reverse sync, but this customer, has a really messy AD data, and comprimise the quality of the information in the User Store from Identity.

After i insert the another SMTP address, in JXplorer it is showing as 2 lines instead of 1 line in eTADSProxyAddresses.

I suggest you report this as an issue to CA support.

There is another way u can try, is to use etautil command...

Hi Williamckl, this is a correct behaviour, since the eTADSproxyAddresses, is a multivalue field, so in the JXplorer, you must seen multpile entries in these attribute.

What i have put in the previous answer, was that the polixy xpress procedure, has to communicate in some particular format,

The other thing that i have seen on the policy xpress action rule, is when the user, has no mailbox, you cannot remove directly the values of the eTADSproxyAddresses, as the provisioning server send some error about some internal validation for the mailbox of the user.  That makes that the user that you try to process, doesn't show the Exchange related tabs in the account information(Email addresses for example).

Well, i have make some try outs, and finally, i was looking on how the Identity Manager, communicate changes to the provisioning server, so....

The solution for this, was to split the

SMPT:yyyy @ yyyyyyyy.yyy

into this:

{"address":"yyyyy @ yyyyyyyy.yyy","type":"SMTP"}

This is the way to pass into the Active Directory ProxyAddresses attribute, some values, so, with these i actually write in some Active Directory account, the special value to be added into the eTADSproxyAddresses attribute.

Let me fix, the part of my PX policy, to clear the old values, and put these new values into. i will be uploading this solution, and i hope that if someone has the same problem, this will help you a lot!!

Note:  Ommit the spaces in the email addresses, I have to put as it, because of my content was blocked.