MPR behavior with changing sets

  • Question

  • Hello!

    Can somebody explain some MPR logic?

    I have an MPR (Transition In) + Workflow for AD provisioning of users. They use a sync rule with an initial flow for password generation for users and emails to the manager with account information. I’m using a set with a statically defined list of users (with employeeID numbers).

    As I understand it, if I “Disable” and then “Enable” the MPR, the MPR will be reapplied, right? Moreover, all my users will receive new passwords and managers will receive emails. This is not acceptable, because the system is going to production.

    I need to change my test static set to the “All People” production set; how can it be done safely? Thanks!



    Monday, February 6, 2017 10:53 AM

All replies

  • Disabling/enabling the MPR would invoke your workflow only if the workflow has "Run on Policy Update" ticked.

    So the solution would be:

    1. Make sure RoPU on Workflow is unchecked.
    2. Disable MPR responsible for triggering the workflow
    3. Change MPR to point to test set (for example with only 3 accounts)
    4. Enable MPR - notifications should not be sent and new passwords should not be created.
    5. If step 4 was ok, disable MPR
    6. Change MPR Set to any other you wish
    7. Enable MPR. If notifications were not sent before, they won't be sent now.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by FIMService Wednesday, February 8, 2017 7:06 AM
    Tuesday, February 7, 2017 6:32 AM
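
Step 1 of the procedure above can be verified before the MPR is touched. The following read-only check is an added example, not part of the original thread; it assumes the FIMAutomation snap-in on the FIM/MIM Service host, the default local service URI, a hypothetical MPR display name, and that the FIM XPath dialect dereferences `ActionWorkflowDefinition`.

```powershell
# Added example: read-only pre-flight check before disabling/enabling an MPR.
# Assumptions: FIMAutomation snap-in is installed; $Uri is the default local
# endpoint; $MprName is a hypothetical display name, replace it with your own.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$Uri     = 'http://localhost:5725/ResourceManagementService'
$MprName = 'AD User Provisioning (Transition In)'   # hypothetical

# Return the single value of a named attribute from an exported resource.
function Get-FimAttr($Resource, [string]$Name) {
    $attr = $Resource.ResourceManagementObject.ResourceManagementAttributes |
        Where-Object { $_.AttributeName -eq $Name }
    if ($attr) { $attr.Value }
}

# Fetch the MPR itself and refuse to continue on an ambiguous name.
$mpr = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
        -CustomConfig "/ManagementPolicyRule[DisplayName='$MprName']")
if ($mpr.Count -ne 1) {
    throw "Expected exactly one MPR named '$MprName', found $($mpr.Count)."
}

# Follow the MPR's action workflow references (assumed XPath dereference).
$workflows = @(Export-FIMConfig -Uri $Uri -OnlyBaseResources `
        -CustomConfig "/ManagementPolicyRule[DisplayName='$MprName']/ActionWorkflowDefinition")

# One row per action workflow with its "Run on Policy Update" flag.
$report = foreach ($wf in $workflows) {
    [pscustomobject]@{
        Workflow          = Get-FimAttr $wf 'DisplayName'
        RunOnPolicyUpdate = (Get-FimAttr $wf 'RunOnPolicyUpdate') -eq 'True'
    }
}
$report | Format-Table -AutoSize
"MPR '{0}' Disabled = {1}" -f $MprName, (Get-FimAttr $mpr[0] 'Disabled')

# Any workflow with the flag set would run for existing set members when the
# MPR is re-enabled, which here means new passwords and manager emails.
$risky = @($report | Where-Object { $_.RunOnPolicyUpdate })
if ($risky) {
    Write-Warning ("Run on Policy Update is ticked on: " +
        (($risky | ForEach-Object { $_.Workflow }) -join ', '))
} else {
    "No action workflow has Run on Policy Update ticked."
}
```
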
  • Dominik, I have tested your solution with a new users set and:

    1. No notifications are sent

    2. No ERLs were generated. I have run FI+FS on my AD, FIM and HR MAs.

    I can't see anything in Requests with error statuses.

    Is something missing?

    Thanks!




    • Edited by alexiszp Tuesday, February 7, 2017 2:51 PM
    Tuesday, February 7, 2017 2:45 PM
  • But it is normal that you have not seen any new request changes - the MPR is now triggered when a new user enters the "All People" set, right? So you would see the workflow invoked on new users, but not on existing ones, as all your users are already there.

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.


    • Edited by Dominik Trojnar Tuesday, February 7, 2017 9:35 PM
    • Proposed as answer by FIMService Wednesday, February 8, 2017 7:06 AM
    Tuesday, February 7, 2017 9:34 PM
  • I think the same as you, but I have selected users whose accounts are not created correctly in Active Directory.

    For example, they have incorrect displaynames with 2 spaces between firstname and lastname.

    I have 3 test users with such conditions, and ERLs are not present for them.

    The status of sync rule for AD provisioning is "Not Applied"




    • Edited by alexiszp Wednesday, February 8, 2017 11:08 AM
    Wednesday, February 8, 2017 11:02 AM
  • I have made such a test.

    With the MPR enabled, I have added one more test user to the set and an ERL is generated.

    But I need to create ERLs for all my users in the set (without notifications and password changes); how can it be done?

    Thanks!



    Wednesday, February 8, 2017 3:11 PM
  • OK, what do I have now?

    If I change the Set without disabling the MPR, nothing changes.

    If I delete a user from the MIM portal and run a sync, the user gets in scope and an ERL is generated. If I understand correctly, generating an ERL does not request a change of the user's password in a future sync; is this correct?

    Thanks!



    Monday, February 13, 2017 1:34 PM