Remove SR when its applied RRS feed

  • Question

  • Hi all

    I was wondering if someone had a suggestion for me how to solve this issue.

    To explain: I have made an outbound SR that set pwdlast=0 to FIM AD user account. so far so god. I wan't this behaviour because I wan't to trigger/force a password sync, the next time user logon.

    The issue I am seeing, is that this SR gets applied several times, over and over again. I have not enabled: Run at policy update!

    So I created an WF thats removes this SR, but I am not sure how to/what to trigger it.. I want it removed just after it has expired the password/been applied.

    If the SR is not supposed to be run several times, that would be great to sort out aswell.

    Best regards Andre


    • Edited by froand Thursday, November 13, 2014 10:41 PM
    Thursday, November 13, 2014 10:40 PM

All replies

  • Hello ,

    I think you want force only one time the pwdlast = 0 , if yes you can sepcified on your OSR on outbound atribute flow "Initial Flow Only" .



    Friday, November 14, 2014 3:03 PM
  • Exactly, For now synchronization rule works all time as you have made something like persistent flow of 0 value to pwdlast. If you want to have it once only, select "Initial Flow Only" for pwdlast = 0

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Friday, November 14, 2014 5:33 PM
  • Ok, thats right. But then i have to set create resource in external system, but that's probably ok?

    I must then create 1 SR and WF for each scenario/event I want pwd reset to occour. Can't use the same SR and WF over again?

    Best regards Andre


    Friday, November 14, 2014 10:34 PM
  • Hi

    I couldn't get it ti work, the SR is Applied, but the password is not expired.. If I remove the Initial flow only, it expires the pwd each run time..

    Any takers?

    BR Andre


    Friday, November 14, 2014 11:33 PM
  • I tried this as well


    Saturday, November 15, 2014 12:01 AM
  • Hello,

    I guess you want to do this one time and even for existing users, so there has to be some king of manuell input when to do this.

    Maybe you want to do this also in future for only some of the users ?

    If this is the case I would do the following:

    Create an Attribute (Boolean) for password reset on users, use a transition in set, workflow, MPR to add the OSR to users when the boolean attribute is true.

    Make sure you have pwdlastset as an attribute on users in portal.

    Create a Set/Workflow/MPR to remove the OSR when pwdlastset != 0 in addition add a workflow (function library) to reset the boolean attribute to false after removing the OSR.

    With this you can enable singe users for pwreset enforcing.

    If you want to do this some times for all or many users just create a temporary Set/Workflow/MPR combination to set this boolean attribute on all users.


    Peter Stapf - ExpertCircle GmbH - My blog:

    Sunday, November 16, 2014 10:06 AM