Hi Chris and Kankdekar,
I had a similar issue with reading an AD account upon initial user creation and provisioning which failed:
Error category 'Validation' with response 'Fail Event'.
POLICYXPRESS ERROR MESSAGE: No accounts specified
Having tried different triggering times (After CreateUserEvent, AssignProvisioningRoleEvent or for Task Submitted etc.) to no avail, I have reached out to CA Support in order to help me with this error (Chris, if you are interested you can look up case ID 21135575-1 for more details).
The conclusion was the following:
"
We got now confirmation that if the Task context does not deal with the
object or object's attributes then the Policy Xpress data element cannot
retrieve the information directly.
"
But there is an advice which I didn't manage to test : "However it should be possible to retrieve them indirectly through the "Data Sources" data element type but this configuration requires custom code writing."
I wouldn't like to set up Data Sources as the connection to AD (ldap) will require storing a username and password.
Also, the documentation hints that it is doable, but having tried that triggering time too, it did not work for me:
https://support.ca.com/cadocs/0/CA%20Identity%20Manager%20r12%205%20SP13-ENU/Bookshelf_Files/HTML/idocs/825186.html
"
Set the user's groups and OU in Active Directory, based on department
Run At Events — at the end of the assign provisioning role event. This ensures that an account is already created when setting the values.
"
Just sharing my experience and feedback.
Please let me know if you have any questions or feedback on the above statements.
Cheers,
Razvan