ADSAccount to Person fields

Hi Gary,

The attributes mapped/copied from ADSAccount to Person can be found in the overridable script ADS_PersonAuto_Mapping_ADSAccount.

HTH, Barry.

Hi Gary,

At least in 9x, you might want to have a look at the script ADS_PersonAuto_Mapping_ADSAccount , which controls this search, create or update behaviour. Lines 323 and further down have a list of updated attributes from AD to Person. You may customize the script to suit your needs.

First check your mappings at the AD sync project to make sure your AD object gets all the attributes you need from your active directory.

HtH

Depending on how complex your use case is.
You could also accomplish this by creating a new One Identity Manager connector.
That way you can use all the features of the sync editor.

Just an idea,
Niels

Dear Barry

I tried to edit the script ADS_PersonAuto_Mapping_ADSAccount from designer but it is not editable and I have checked the script is not locked, any idea why?

Thaks
Gary

Hi Gary,

The script is 'Overridable' so you have to make a copy of the script and externally give it a new name (starting CCC typically) and change it from 'Overridable' to 'Overrides'.

Then you can edit your new script.  Anywhere the old script is called from will now call your version that 'Overrides' the standard.

HTH, Barry.

Dear Barry

sorry to ask again, i have just tried to follow what you have advised. 

1) locate the script ADS_PersonUpdate_ADSAccount under overridable scripts node from Designer/Script Library

2) open ADS_PersonUpdate_ADSAccount script , then click copy script ADS_PersonUpdate_ADSAccount under task panel.

3) rename ADS_PersonUpdate_ADSAccount1 to CCC_ADS_PersonUpdate_ADSAccount

4) CCC_ADS_PersonUpdate_ADSAccount is showing under Overriddenscripts node

if I close designer and logon back, it says "System processing has stopped because the database assemblies are invalid. The system must be recompiled to solve this. Than i recompile the database, the screen is spinning forever. Any clue of this?

Thanks
Gary

I got this error

Designer 

1

[System.NullReferenceException] Object reference not set to an instance of an object. at system.Windows.Forms.NativeWindow.Callback[IntPtr,wparam,IntPtr lparam) at System.Windows.Forms.ComboBox.WndProc(Message& m)

Hi Gary,

Not sure where this went wrong ..... the internal name of the script must remain the same ...... so the start of the script should be:

Public Overrides ADS_PersonUpdate_ADSAccount(........)

Only the external name of the script should change to CCC (the top field called 'Script' in Designer.

But ...... that script is used when an ADSAccount is updated and you want the changes propagated to Person.

I thought you wanted to intervene when the Person account is created from the ADSAccount ...... in which case you want to override ADS_PersonAuto_Mapping_ADSAccount.

HTH, Barry.

Thx Barry, i have a AD sync connection, after reading the AD information, the corresponding ADSAccount record will be created at IDM, i have configure AD target system using Search and Create. Yes, the related Person record on IDM will be created as well. I want IDM to import more fields from AD to Person record such as personnelnumber. 

Thx

Gary

Hi Gary,

Then indeed you will need to override both scripts and ensure that the same data is inserted by the ADS_PersonAuto_Mapping_ADSAccount script as that which is updated by the ADS_PersonUpdate_ADSAccount script.  You will need to enable the config parm 'TargetSystem\ADS\PersonUpdate' (but you knew that).

Be aware that these changes will apply to ALL the AD domains that you have ..... if you want to only do it for say 1 domain out of 5 then you will need to code in some if statements targeting the UID of the domain.  Unfortunately this cannot be controlled at the domain level by config parms.

HTH, B.