• State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 93 subscribers
  • Views 10319 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active Directory Synchronization

priyadarshm
over 10 years ago

Hi Team,

I have configured active directory synchronization in D1IM and imported all the user accounts from AD to D1IM.. I see an option in the manager tool to manually link the AD accounts to the Q1IM employee records, and I could successfully link the accounts manually. However I am looking for an automated script to perform the linking. Has anyone come across the script?

Thanks,

Priya

  • 0 over 10 years ago

    Hi Priya,

    for this purpose we have the script "VI_PersonAuto_ADS".

    Normally this script will be executed automatically by different processes, example: "VI_ADS/EX2K_ADSAccount_Insert/Update (Fullsync)".

    This process runs everytime when a new AD account was created/updated during a sync.

    The 1st step of this process ("Search and Create Person for Account (Fullsync)") executes the mentioned script and searches/creates a person for this account and assigns the person with the account.

    The behavior depends on the config parm "TargetSystem\ADS\PersonAutoFullSync".

    I hope these information points you in the right direction.

    Best regards,

    Steffen

  • 0 over 10 years ago

    Hi Steffen,

    Thanks. I could successfully link the accounts with the above said configuration parameter set. However the accounts are linked in 'Unmanaged' mode. Could you let me know how I could link the accounts in a fully managed mode?

    Thanks,

    Priya

  • 0 over 10 years ago

    Hi Priya,

    that's dangerous.

    The primary object in Q1IM is the person.

    Unmanaged accounts doesn't get any properties from the linked person.

    Full managed accounts gets a lot of properties from the person.

    When you change the managelevel from 0 to 1 the account will be changed in nearly every case.

    You could get changes like these:

    - change of the login name

    - change of the location of the home directory

    - change of the properties for the remote access

    - ...

    That's why it's not recommended to change EXISTING accounts from unmanaged to full managed automatically via a process.

    You can do this manually - in this case you have an overview of the changes.

    Normally the exisiting accounts stay on "unmanaged" and only new created accounts (by processes in Q1IM) will be "full managed".

    So far the suggestions.

    Now I come to the information how you could do it even so.

    As I told you the creation/assignement of the persons will be done by the script "VI_PersonAuto_ADS".

    This script is an overrideable script.

    That means you can write a custom script (as overrides script) with the same code for now.

    This code can be modified to implement the needed changes.

    For instance you can modifiy this line in the script to use another manage level for the account:

    Acc("ManageLevel").NewValue = 0

    But I wouldn't do it ...

    Best regards,

    Steffen

  • 0 over 10 years ago

    Hi Steffen,

    Thanks.. the information was helpful..

  • 0 over 10 years ago

    Hi Steffen,

    On changing the employee assignment criteria to PersonnelNumber = employeeID from centraluser account = samaccoutname, I executed the synchronization..

    I observe that the fields Employee, and Managed Level in the user account information in Manager tool have disappeared.. Has the employee assignment criteria got anything to do with this?

    Thanks,

    Priya

  • 0 over 10 years ago

    Hi Priya,

    connected accounts will never be disconnected from the persons by a sync or by the processes for the assignment of the employees to the accounts.

    I think there is no relation between your mentioned change and the disappearance of the assignments.

    Steffen

  • 0 over 7 years ago
    Hi All,

    Can anyone please tell me how to change Synchronization for active directory in D1IM ?

    thanks
    Somee
  • 0 over 7 years ago
    Sorry Change Synchronization Configuration for active directory
  • 0 over 7 years ago
    Hi Somee,
    Two suggestions. First, I's recommend starting a new thread for this. Second, we need some more information to help you. Change how? In what way?
  • 0 over 7 years ago
    Hi Cerbone , Thanks for replying . Can you please go through the below mentioned post ,it's been posted by me

    Synchronization Editor :how to change Synchronization Configuration of Active Directory in order to remove outstanding accounts automatically from D1IM database ?