How to assign group membership on initial provisioning?

  • Question

  • I have a custom attribute called "Mailbox". I want that if its value is set to "YES", then at initial user provisioning the new user should by default become part of certain security groups. Can I define this logic in my sync rules of GROUP OUTBOUND? If not, is there any other way to get this done?

    Tuesday, May 7, 2013 6:39 AM

All replies

  • I'm not sure there is a way to do this.  Remember that group membership is a reference attribute, and on the user object it is a back-link reference.  The attribute being updated is actually on the group object ("member").  Until the object has been exported to AD, imported and sync'ed, there isn't any way for the sync engine to create and maintain the referential relationship between group and user.

    The best you can do is go to AD twice in your provisioning cycle (presumably scripted).  Send out any new user objects, bring them in, out to whatever MA is handling your group membership (FIM MA if you're on FIM, probably custom SQL if you're in ILM), process the memberships, flow them in to the metaverse and back out to AD. 

    Chris

    Tuesday, May 7, 2013 1:32 PM
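
The scripted two-pass cycle described in the reply above, as an added example that is not part of the original thread. It drives the sync engine through its WMI provider (`MIIS_ManagementAgent.Execute`); the management agent names and run profile names are assumptions and must match what is configured on your server.

```powershell
# Added example. MA names and run profile names below are assumptions:
# replace them with the names configured in your Synchronization Service.
$Namespace = 'root\MicrosoftIdentityIntegrationServer'
$AdMa      = 'AD MA'    # hypothetical name of the Active Directory MA
$GroupMa   = 'FIM MA'   # hypothetical name of the MA that computes group membership

# The user object must exist and be confirmed in AD before a group's
# "member" reference to it can be exported, hence two trips to AD.
$Cycle = @(
    @{ MA = $AdMa;    Profile = 'Export' },        # 1. send new user objects to AD
    @{ MA = $AdMa;    Profile = 'Delta Import' },  # 2. bring them back in (confirming import)
    @{ MA = $AdMa;    Profile = 'Delta Sync' },    # 3. sync so the users are joined in the metaverse
    @{ MA = $GroupMa; Profile = 'Export' },        # 4. out to the MA handling group membership
    @{ MA = $GroupMa; Profile = 'Delta Import' },  # 5. read back the processed memberships
    @{ MA = $GroupMa; Profile = 'Delta Sync' },    # 6. flow memberships into the metaverse
    @{ MA = $AdMa;    Profile = 'Export' },        # 7. second trip: export group "member" to AD
    @{ MA = $AdMa;    Profile = 'Delta Import' }   # 8. confirm the membership export
)

function Invoke-RunProfile {
    param(
        [Parameter(Mandatory)] [string] $MaName,
        [Parameter(Mandatory)] [string] $ProfileName
    )
    $ma = Get-WmiObject -Namespace $Namespace -Class MIIS_ManagementAgent `
                        -Filter "Name='$MaName'"
    if (-not $ma) { throw "Management agent '$MaName' not found." }

    # Execute blocks until the run finishes and returns a status string.
    $status = $ma.Execute($ProfileName).ReturnValue
    Write-Host ("{0:u}  {1,-10} {2,-14} {3}" -f (Get-Date), $MaName, $ProfileName, $status)
    return $status
}

foreach ($step in $Cycle) {
    $status = Invoke-RunProfile -MaName $step.MA -ProfileName $step.Profile
    # Conservative choice: stop on anything other than a clean run, so group
    # memberships are never exported for users whose creation did not complete.
    if ($status -ne 'success') {
        throw "Stopping cycle: '$($step.Profile)' on '$($step.MA)' returned '$status'."
    }
}
```

Run it on the synchronization server under an account that is allowed to execute run profiles, and keep the timestamped output as a record of when memberships were granted.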