Friday, March 15, 2013 5:07 PM
I have a situation in which I have to disable a user in AD if it is removed from the Banner (source) view. But I still need that user for further use. So, the AD connector should not be deleted.
Any help?
Friday, March 15, 2013 6:19 PM
Are you using synchronization rules? If yes, you can use DRE to detect the state of a user (DRE exists for a given rule) and in this way you might control other events and provisioning. Another way is to contribute a metaverse value based on some value from the source: if this value is gone, you don't have a connector in this source.
The trick is that you have to think about the situation where someone clears the connector space or re-initializes the solution. In that case you might have an AD account and identity info in the metaverse without source information for a while. It can be handled, but you have to be aware of it, as does anyone who will operate this solution in the future.
Tomek Onyszko, memberOf Predica FIM Team (http://www.predica.pl), IdAM knowledge provider @ http://blog.predica.pl
Saturday, March 16, 2013 12:15 AM (Owner)
Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation
Saturday, March 16, 2013 6:33 AM
I have done this use case for one of the customers.
You can try the approach shared by Tomasz. I have listed the required steps:
1. Create 1 custom attribute in the metaverse, say "EMPSTATUS"
2. Map this with any value coming from Banner (in the Banner inbound rule)
3. In the AD outbound rule, write a custom expression, say "IIF(IsPresent(EMPSTATUS),512,514) => userAccountControl"
Now with this setup, when the user's connector (source) gets deleted, its 'EMPSTATUS' will become null in the metaverse, followed by changing the userAccountControl value to 514 in AD.
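
Added example, not part of any post in this thread and not FIM code: a Python model of the outbound expression from step 3, with a pre-export review for the cleared-connector-space case raised earlier in the thread. The `review_plan` helper, the 10% threshold and all sample accounts are assumptions constructed for illustration.

```python
# Added example: a model of the outbound rule discussed in this thread, not FIM code.
ACCOUNTDISABLE = 0x0002        # userAccountControl bit: account disabled
NORMAL_ACCOUNT = 0x0200        # 512 = enabled normal account, 514 = 512 | 2
DONT_EXPIRE_PASSWORD = 0x10000 # 66048 = 512 | 65536

def outbound_uac(mv_object):
    """IIF(IsPresent(EMPSTATUS),512,514) => userAccountControl"""
    return 512 if mv_object.get("EMPSTATUS") is not None else 514

def plan_exports(metaverse, ad_uac):
    """Pending changes: {account: (current_uac, new_uac)}."""
    plan = {}
    for name, mv_object in metaverse.items():
        new = outbound_uac(mv_object)
        if ad_uac[name] != new:
            plan[name] = (ad_uac[name], new)
    return plan

def review_plan(plan, total_accounts, max_disable_ratio=0.10):
    """Hypothetical pre-export check: new disables, dropped flags, go/no-go."""
    disables = sorted(n for n, (cur, new) in plan.items()
                      if new & ACCOUNTDISABLE and not cur & ACCOUNTDISABLE)
    # The rule writes the whole value, so bits other than ACCOUNTDISABLE are dropped.
    lost = {n: cur & ~new & ~ACCOUNTDISABLE for n, (cur, new) in plan.items()
            if cur & ~new & ~ACCOUNTDISABLE}
    safe = len(disables) <= max_disable_ratio * total_accounts
    return {"disables": disables, "lost_flags": lost, "safe_to_export": safe}

# Constructed sample data (not from the thread).
AD_UAC = {"alice": 512, "bob": 512, "carol": 66048, "dave": 512, "erin": 512,
          "frank": 512, "gina": 512, "hank": 512, "ivy": 512, "jay": 512}
# Normal run: only bob was removed from the Banner view.
MV_NORMAL = {n: {"EMPSTATUS": "A"} for n in AD_UAC}
MV_NORMAL["bob"] = {"EMPSTATUS": None}
# Source connector space cleared: EMPSTATUS missing for everyone.
MV_WIPED = {n: {"EMPSTATUS": None} for n in AD_UAC}

if __name__ == "__main__":
    for label, mv in (("normal", MV_NORMAL), ("wiped", MV_WIPED)):
        print(label, review_plan(plan_exports(mv, AD_UAC), len(AD_UAC)))
```

In the normal run the plan disables only bob but also rewrites carol from 66048 to 512, dropping her password-never-expires bit; in the wiped run every account is queued for disable and the check reports the export as unsafe.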