• State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 4498 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deprovision Script not setting attributes

Lethe
over 6 years ago

 Hello, 

 

as per subject I am setting up a deprovision script that which works outside ARS but is giving me headache when running with ARS as part of the pre-deprovision event. 

In a nutshell I have an hashtable of attributes that needs to be set:

 

$attributes = @ {
'attribute1' = 'value1'
'attribute2' = 'value2'
}

 

Hashtable contains 8 AD standard attributes and 2 ARS virtual attributes, issue is none of this is being populated. I've enabled script debug but no errors or anything is showing so before opening a case I thought to post here. 

As I said code is sound as it works perfectly outside ARS in a standard PowerShell session via Connect-QadService and the -Proxy parameter but not wihin ARS. 

If this makes any difference attributes in the hashtable are usually alredy present on the user object just with a different value (goal is to update these values with new values upon deprovision).

Am I doing something wrong? Do I need to clear atributes before updating them? Do I need to specify one by one?

Thanks for any pointer... I'm really lost at the moment :(

*EDIT* Just to add the same approach/cmdlet is used to update another standard AD attribute, actually standard to our AD using custom schema :-), which is usually empty and this works correctly that's why I'm puzzled...

Parents
  • 0 over 6 years ago

    Thanks Aidar but it's not that easy for us :-)

    I have other processes external to ARS taking care of disabling the account and doing other stuff, what I need to do within ARS is having L1 support deprovision the account which in our environment means running a bunch of scripts that will set attributes in turn consumed by the software handling the identity federation.

    So my need is indeed to update user's attributes with specific values according to a series of clauses which for whatever reason is not happening. 

    I start to wonder if I do need to first clear the attributes before setting the new value as this seems to work only on empty attributes. 

Reply
  • 0 over 6 years ago

    Thanks Aidar but it's not that easy for us :-)

    I have other processes external to ARS taking care of disabling the account and doing other stuff, what I need to do within ARS is having L1 support deprovision the account which in our environment means running a bunch of scripts that will set attributes in turn consumed by the software handling the identity federation.

    So my need is indeed to update user's attributes with specific values according to a series of clauses which for whatever reason is not happening. 

    I start to wonder if I do need to first clear the attributes before setting the new value as this seems to work only on empty attributes. 

Children
No Data