Provisioning Users from an AD Group

  • Question

  • Hi,

    Is it possible to provision users only from an AD group, using the Portal, to another forest?

    What are the steps required?

    Sunday, February 19, 2017 4:46 AM

Answers

  • Hello Werner,

    Yes, it is possible, but it won't be easy to implement. It would be much easier to base provisioning on users with a specific value in one of the account's attributes in AD, for example.

    If you are using classic extensions done by code, you can calculate whether a user is a member of a group and fill a metaverse attribute based on this information.

    If you are using synchronization rules then it's all about the set calculation, right?

    So in this case you would have to populate the group in the Portal based on AD membership and then create set membership based on the group. So it is possible with some trick (Example1 or Example2 using MIMWAL).

    Whichever of those Examples you take, all you would need to have are:

    1. A Synchronization Rule that would provision a new user in AD.
    2. A Workflow that would assign this SR to the user.
    3. A Set of users that would be affected.
    4. An MPR that would be a transition-in MPR and would react when a user enters the set created in step "3", with the action workflow from step "2".

    If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.

    • Proposed as answer by Peter_Stapf Monday, February 20, 2017 2:56 PM
    • Marked as answer by Killer47x Tuesday, February 21, 2017 6:03 AM
    Sunday, February 19, 2017 2:06 PM

All replies

  • Dear Peter,

    A similar question though.

    I have two forests and want to move users from Forest A to Forest B using only the MIM Sync Service and not the portal.

    Currently, I have it set up halfway and can read the users from the Forest A connector space and also in the Metaverse, but cannot export to Forest B. The connector for Forest B works fine as far as import and sync are concerned.

    It would be a great help if you could shed some light.

    Thanks.


    ranzaan.m

    Wednesday, February 22, 2017 10:17 AM