CA Service Management

Hi,

I am currently running the following within an engine we built in powershell to isolate individual users that need to be updated from active directory rather then running a full system import/sync.

pdm_ldap_import -l "userid = '$name'" -c "userid = ?"

The problem is with how our OU structure is setup the scan for each individual run has to be done at the root directory. Which takes about five-minutes per person to run. Which is a bit timely when your looking at 10+ records that may come through during the last scan period.

Is there a way to define a specific search base within the pdm_ldap_import to confine where it is looking for the end user specified in the userid?

Appreciate your insights!

Hey Jordan,

pdm_ldap_import unfortunately doesn't let you select custom search bases like what you are looking for.

maybe an alternative would be to prepare a ca_contact / usp_contact  data loads  using whatever AD/LDAP queries and outputting them to files that pdm_load/pdm_user_load will accept?

_R

Hi Jordan,

Have you considered using the SDM API to create/update users? We don't use pdm_ldap_import and have a set of powershell scripts that we use to sync with AD, check for differences, then update SDM via the rest api.

Here's a rough breakdown of how they work.

1. Pull all active SDM records via the rest api and save to PS object

2. Pull active users from ad and save to PS object

3. Use Compare-Object to see what data differs (you can set a variables to the output of compare-object and filter on different SideIndicator to see what's new in AD vs what's no longer active in SDM)

4. Loop through PS objects to create or update contacts