none
Change attribites metaverse or AD while deprovision. RRS feed

  • Question

  • Hi

    I have many MA one to a view of ORACLE. I can't modify the view.

    When a row is remove from this view. I must to change de OU and the UserAccountControl of the AD_USER to disable.

    I try to use de deprovision in the MA of ORACLE to change the data in the MV or in other AD_MA but I can´t connect to the others MA

    Somebody have any idea to do that.<o:p></o:p>


    Wednesday, September 18, 2013 4:36 AM

Answers

  • Correct - you can only access the disconnected row in your deprovisioning code.

    The place to change the OU is in provisioning code. You'll want to look for a lack of connector from Oracle. For userAccountControl, that's an advanced export flow rule. I would think about a Metaverse attribute called "existsOracle" to make this easy. Flow 'true' -> existsOracle and then in your userAccountControl export rule, key off that attribute being true or not present.


    Thanks, Brian

    Wednesday, September 18, 2013 5:15 AM
    Moderator

All replies

  • Correct - you can only access the disconnected row in your deprovisioning code.

    The place to change the OU is in provisioning code. You'll want to look for a lack of connector from Oracle. For userAccountControl, that's an advanced export flow rule. I would think about a Metaverse attribute called "existsOracle" to make this easy. Flow 'true' -> existsOracle and then in your userAccountControl export rule, key off that attribute being true or not present.


    Thanks, Brian

    Wednesday, September 18, 2013 5:15 AM
    Moderator
  • Hi,

    For this you can create a rule extension for Oracle MA which populates a metaverse attribute on the basis of the attribute which you want to remove for OU movement.

    Suppose, metaverse attribute is "OU_Change_Status".

    Step1: Create rule extension at ADMA to check that connctor for OracleMA is present for that user.

    Step2: Then set it "True".

    Step3: Else set it "False".

    Step4: Now, into sync rule check for OU_Change_Status attribute value .

    Step5: If it is "False" then perform OU movement and set UAC=514.

    Step6: Else perform the normal action.

    Thanks~

    Giriraj Singh Bhamu 


    • Edited by GirirajSingh Thursday, September 19, 2013 9:37 PM needed
    Thursday, September 19, 2013 9:31 PM
  • Hi every one

    The solution that I implement was that.

    1. From oracle MA I put a variable in MV (Userpresent) with the word “True”, The if the user is delete from the table this variable is delete in MV.
    2. From my ADMA I create import rule extension  that verify if  variable (Userpresent) is not present then put the word “AD” in other variable in MV (ADpresent) else verify if (Userpresent) equal “true” put in (ADpresent) “ADBD”
    3. From my ADMA I create export rule extension to UserAccountControl, first this verify the value of MV (Userpresent) is “true” then is active user “512”, if not verify MV (ADpresente) is “ADBD” --the user was delete from the oracle DB-- then is a disable user “514” else if “AD” the UserAccountControl don´t modify.

    I think that this could be a solution for my case, if somebody know other way to do that, I like learn that.

    Thank for all.

    Thursday, October 10, 2013 3:05 PM