Modify a value with PutValue on Table script ADSGroup (OnSaving) does not trigger provisioning

What version are you using?

And, just for my understanding, You update the ADSGroup entry during a FullSync (what FullSync?) and changing a value in this ADSGroup in the OnSaving-Script. But then this value will not be written into the AD using a default AdHoc-Provisioning job?

Or did I get it wrong? (Custom AD Provisioning job?...)

What version are you using?

And, just for my understanding, You update the ADSGroup entry during a FullSync (what FullSync?) and changing a value in this ADSGroup in the OnSaving-Script. But then this value will not be written into the AD using a default AdHoc-Provisioning job?

Or did I get it wrong? (Custom AD Provisioning job?...)

We have currently the version 8.1.3.102

Yes, we update the ADGroup during FullSync that read every night all data in by using Revision Timestamps.

The goal is, that we have one attribute in Active Directory that contains an User ID of the Owner e.g. user01, that is mapped in the SyncProject to CCC_Owner.
This attribute is filled by teams that have the permission to create AD Group outside from IAM, they are specify the Owner of new groups in this field.

Another Attribute on the ADSGroup is the RCH_UID_PersonOwner wich is not in the mapping and keeps the UID_Person of the Owner (The Template is calculating this on new groups, when the AD Group has specified the CCC_Owner). This is only initial, when the AD Group is created in the IAM system. From then on, we have another special product and process in the IT Shop that allows the owner to change the owner of a certain AD Group.

So this process is working for years very good.

Lately we tried to have a new feature implemented for all new groups, that does not have a value in the Owner Field or a value that is not really a Person found in IAM. In such cases we want so set in IAM a default Owner by a complex rule in the configuration.

This feature also works so far, but exactly in this cases, when during a FullSync the default owner is set in RCH_UID_PersonOwner (not in the mapping), then the ADSGroup is saved/modified and the Entity.PutValue("CCC_Owner"; value) is executed in the OnSaving script, this will not trigger the DPR AdHoc Sync to write CCC_Owner to AD.

It looks like the Entity that is saving does not really have the information that CCC_Owner is changed in a way that the DPR Process (ADS_ADSGroup_Update) is finding this in function DPR_NeedExecuteWorkflow. Ican only think of the Attribute .IsDifferent that is not set if the Data is changed on the OnSaving Script with Entity.PutData.

Probably if it would be possible, to set the attribute CCC_Owner to .IsDifferent, this would work, but I have not found this method on the Entity Column object.

Just as additional clarification. Did you check with a JobGen log that the generation of the process didn't trigger? Or was it triggered but the generation conditions haven't been met?

I would need to record a jobgen logs during fullsync, I will check, because only then it is not working.

In the other hand, if I change the RCH_UID_PersonOwner in ObjectBrowser, then the Value on CCC_Owner will be changed in OnSavig Script and the Job ADS_ADSGroup_Update is triggered correctly with the proper CausingEntityPatch:

<Op Columnname="RCH_UID_PersonOwner" Type="Value" ValType="String" AlreadyApplied="True">
<OldValue>d4d7fe90-f5a7-4dcb-aac2-8c3820134a37</OldValue>
<Value>32b3c463-644f-4335-ab2e-1f33da3e2f71</Value>
</Op>

<Op Columnname="CCC_Owner" Type="Value" ValType="String" AlreadyApplied="True">
<OldValue>userold</OldValue>
<Value>usernew</Value>
</Op>

I think I have seen the problem:

ADS_ADSGroup_Update Process

The Precode is: If Not CBool(Connection.Variables("FULLSYNC"))

See, by intention or design.

Option 1: You are marking the mapping to CCC_Owner to be re-written to AD during the sync so that OneIM is the master.
Option 2: You are defining your own "Sync" from OneIM to AD that is updating just CCC_Owner in AD.