Decisions Account to AD Object Attribute
Comments
-
Hello,
I am looking for answers to the following questions:
[ul][li][b]Which email attribute on AD account are we using to set the local Decisions Acct email?[/b][/li][li][b]Are we doing a compare when syncing an existing account from AD or just updating everything on the local account object?[/b][/li][li][b]Do we have logic in place to remove Domain and prefix from user identifier when syncing accounts from AD?[/b][/li][li][b]And what AD attribute is the user_identifier comparing to when sync is running?[/b][/li][li][b]What do we do to user identifier of local account when a name change occurs that modifies the user identifier field in the AD server?[/b][/li][/ul] -
[b]Q.) Which email attribute on AD account are we using to set the local Decisions Acct email?[/b]
A.) If the AD account doesnt have an email address we use the following format "SamAccountName@DefaultEmailDomain"
If the AD account has an email address, we use it directly.
[b]Q.) Are we doing a comparison when syncing an existing account from AD or just updating everything on the local account object?[/b]
A.) If the account is already in Decisions, we compare the last USN field of the Decisions accounts with the last USN field of the AD account. If theyre not equal, we update the account.
If it the account was deleted in Decisions, we restore it
We then update the following fields :
- Email Address - Same rules above apply
- Last USN = Last USN
- Distinguished Name = Distinguished Name
- Entity Folder ID = Server Folder ID
- Entity Name = SAM Account Name
- Is Active = Is Active
[b]Q.)Do we have logic in place to remove Domain and prefix from user identifier when syncing accts from AD?[/b]
A.) We create the user as follows "ServerLoginPrefix SAM Account Name" - THERE IS NO SPACE OR CHARS BETWEEN THE TWO
- / was originally there but it was removed
[b]Q.) And what AD attribute is the user_identifier comparing to when sync is running?[/b]
A.) We search the Decisions DB for that identifier in the format described above.
[b]Q.)What do we do to the user identifier of local account when a name change occurs that modifies the user identifier field in the AD server?[/b]
A.) This would be considered a new account.
Howdy, Stranger!
Categories
- 2.1K All Categories
- 18 General
- 155 Installation / Setup
- 991 Flows
- 86 Rules
- 203 Administration
- 204 Portal
- 433 General Q & A
- 600 Forms
- 282 Reports
- 3 Designer Extensions
- 38 Example Flows
- 32 CSS Examples
- 1 Diagram Tile
- 5 Javascript Controls
- 139 Pages
- 1 Process Mining
- New Features
- 150 Datastructures
- 50 Repository
- 169 Integrations
- 25 Multi-Tenant
- 21 SDK
- 40 Modules
- 38 Settings
- 20 Active Directory
- 12 Version 7
- 34 Version 8