none
DN attribute change after moving the domain user RRS feed

  • Question

  • good day , I created a domain user through FIM 2010 , created for the user attribute DN (cn = LastName FirstName middleName, ou = fim2010, dc = company, dc = test). after the user is created, I move it to another OU (named "NewOU") through ActiveDirectory console. After moving I do Delta Import on ADMA in my FIM. Watching Connector Space for ADMA. DN attribute is changed to "cn = LastName FirstName middleName, ou = NewOU, ou = fim2010, dc = company, dc = test". Check changes in the metabase "Distinguished Name (old) - my new DN" and "Distinguished Name (new) - my old DN, which initially creates a user in AD" after synchronization and Export , users are removed from the new OU and move into the old . I think that it is because of Initial Flow Only for Outbound AD rules . But I have created two identical rules declaring attribute DN. first marked as Initial Flow Only second to none.
    Tuesday, March 25, 2014 6:27 AM

Answers

All replies

  • It's because this second rule - you are declaring that user should always be moved to this OU.

    If you plan to create user in specified OU and then move the account, select "Initial Flow Only".


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, March 25, 2014 8:01 AM
  • i use this .."To provision users to AD, the dn attribute flow should be marked Initial Flow Only . However, if you also want to support moving or changing the dn of the user, you also need to add the same flow without the Initial Flow Only checkbox."

    Tuesday, March 25, 2014 8:25 AM
  • Yes, but this is true if you want to manage user's OU from FIM, not from AD directly.

    If you want FIM to create user in specific OU and then you would move this user yourself, only "Initial Flow" is needed. The quotation you cited applies in a scenario where you would manage account's location in OU through FIMService.


    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, March 25, 2014 10:30 AM
  • I leave only one rule and uncheck Initial Flow Only. After that I myself Perrin users through console AD. I understood correctly?
    Tuesday, March 25, 2014 10:44 AM
  • Yes, correct. :)

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Tuesday, March 25, 2014 11:02 AM
  • Actually, I think you want to Check "Initial Flow" for the one rule you keep, not Uncheck.

    Chris

    Wednesday, March 26, 2014 1:38 PM
  • Actually, I think you want to Check "Initial Flow" for the one rule you keep, not Uncheck.

    Chris

    Chris is right - I have misread last napalmded's post and considered that the idea is to leave just Initial Flow rule :)

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    Wednesday, March 26, 2014 4:59 PM
  • This could be a good topic for a light Wiki article: http://social.technet.microsoft.com/wiki/contents/articles/23330.technet-guru-contributions-for-march.aspx

    Thanks Chris and Dominik!


    Ed Price, Power BI & SQL Server Customer Program Manager (Blog, Small Basic, Wiki Ninjas, Wiki)

    Answer an interesting question? Create a wiki article about it!

    Thursday, March 27, 2014 2:22 AM
    Moderator