Monday, February 27, 2012 8:14 AM
This Custom expression work fine when we create new user in hrms database table IIF(Eq(employeeStatus,"Confirm"), 512, IIF(Eq(employeeStatus,"Provision"), 512, 514))=>userAccountControl but when we modify employeeStatus column(Resined,Retired etc) value that does not work properly. all AD attribute value is update instead of AD attribute userAccountControl does not updated value 514 please tell me where i am wrong.
Please help urrgent basis.
Monday, February 27, 2012 2:49 PM
Your question is not very clear, could you please try to better explain your problem?
The problem is that if you change "employeeStatus" the value of userAccountControl is not updated? If so, have you checked that the outbound attribute flow in the Synchronization Rule does not have the "initial flow only" checkbox checked?
Hope this helps,
P.S: this is probably less urgent, but instead of the hard coded values 512 and 514 you could probably use:
- BitOr(2,userAccountControl) instead of 514
- BitAnd(-3,userAccountControl) instead of 512
That will preserve the other flags in the user account control value (check http://social.technet.microsoft.com/wiki/contents/articles/how-to-enable-or-disable-accounts-in-active-directory-domain-service-using-fim.aspx?CommentPosted=true#commentmessage)
Paolo Tedesco - http://cern.ch/idm
Tuesday, February 28, 2012 2:36 PM
Thanks for your resopnes,
We are synchining the user information from HRMS ---->FIM--------> AD.
In the HRMS table, there is one attributes say employeestatus. It's value are Confirmed,provision,Resigned,Retired etc. Based on the employee status, we need to enabled/disable user on AD.
We have put the logic in the Synchronization rule as in case of Confirmed and provision, user will be enable and rest all the values of employeestatus, user will be disabled on AD.
IIF(Eq(employeeStatus,"Confirm"), 512, IIF(Eq(employeeStatus,"Provision"), 512, 514))=>userAccountControl
Now when we modifed the employee status from Confirmed to Retired, useraccountControl is not updating on the AD.
We have unchecked the initiall flow only is unchecked in the outbound synch rule.
Wednesday, February 29, 2012 12:39 PM
Thanks for your support. Its working now.