Need your help in this regard.
1. We have the following setup in our IDM environment.
-- Accounts get created in IDM (CA directory) and then synced down to AD.
-- Service accounts get created in AD and then brought into IDM on Explore/Correlate.
-- Most of the modifications on the accounts occur on AD and then during Explore/Correlate are updated in the IDM.
2. We need the following requirement to be met.
-- Service accounts will be created in AD and brought into IDM. (These service accounts will be present in a particular OU for which the E/C definition is set as create, to create the accounts in IDM.)
-- During the explore/correlate process, we would like to bring in only 2 attributes from AD to IDM (AD distinguished name and mailbox). Other than these 2 attributes, no attributes should be brought into IDM even though there is an update made on the AD account.
I have followed the instructions provided in "Policies for Reverse Synchronization - CA Identity Manager - 12.6.5 - CA Technologies Documentation", which speaks about how to reject the attributes on Explore/Correlate.
Even after configuring this policy, I still see the account getting updated in IDM. So basically 2 events are performed upon explore/correlate.
1. ModifyProvisioningactivity event (this rejects the attributes) --- Provisioning activity tasks
2. Modify User Event (This updates the IDM attributes) ----- Provisioning Modify tasks.
Can anyone help me on how to stop the update on IDM during explore/correlate?