Message Image

Skip main navigation (Press Enter).

Symantec IGA

Back to discussions

Expand all | Collapse all

Assigning AD Group during Creation in Identity Manager

Anon AnonDec 22, 2015 11:11 PM

Hi, I am trying to provision two Active Directory Endpoints with Two provisioning Roles and Account ...

Eric LaneyDec 29, 2015 11:44 AM

Events in IM are not synchronous with the actual provisioning actions taken by Provisioning Server and ...

1. Assigning AD Group during Creation in Identity Manager

0 Recommend
Anon Anon
Posted Dec 22, 2015 11:11 PM

Reply Reply Privately
Hi,

I am trying to provision two Active Directory Endpoints with Two provisioning Roles and Account Templates. When I try to assign Active Directory Groups for User in end point I am getting "ERROR: No Accounts Found". Please find the policy details below.

Policy Name: Assign AD Group
Event: SyncProvisioningRoletoAddAccountsEvent
Data: Accounts -> Accounts -> Active Directory
Action: Rule: Assign Groups -> ADSgroup

Kindly suggest on the event to trigger the policy.

Thanks,
Murali
2. Re: Assigning AD Group during Creation in Identity Manager

0 Recommend
Eric Laney
Posted Dec 29, 2015 11:44 AM

Reply Reply Privately
Events in IM are not synchronous with the actual provisioning actions taken by Provisioning Server and Connector Server. You likely have the event firing when IM sends the "create" message off to IMPS, but there hasn't been enough time to actually create the accounts yet.

We found that the only way to reliably work with Active Directory accounts in this way was to have the "Create User" task set to "Synchronize on every event." The PX Policies are tied to the task completion (and / or failure) instead of the specific event. This way, the policy fires reliably after the account is created and re-synchronized.

Copyright 2023. All rights reserved.

Powered by Higher Logic