Symantec IGA

Hi,

I did following for Initial upload process for AD.

- Created IDM User and Autocorrelated /Corelated IDM user with existing AD User.

- Weak Sync on Template as Dont want to update Groupmembership.Even Strong Sync applies only on multiattribute like groupmembership.

My Question is how can i modify all profile attribute pushed from IDM to AD like organization data and Contact details ?that means synch IDM user attibutes to AD attributes.

Only Solution i could see is create an IDM user with bare minimum attributes and then After correlation Modify that user with all attributes and it will change all attribute in AD .

Is there any other way to sync/Overwrite/propogate IDM attributes to AD ? 

Thanks

renus:

Hi,

I did following for Initial upload process for AD.

- Created IDM User and Autocorrelated /Corelated IDM user with existing AD User.

- Weak Sync on Template as Dont want to update Groupmembership.Even Strong Sync applies only on multiattribute like groupmembership.

My Question is how can i modify all profile attribute pushed from IDM to AD like organization data and Contact details ?that means synch IDM user attibutes to AD attributes.

Only Solution i could see is create an IDM user with bare minimum attributes and then After correlation Modify that user with all attributes and it will change all attribute in AD .

Is there any other way to sync/Overwrite/propogate IDM attributes to AD ? 

Thanks

 

 

 

Hi All,

Any suggestions here for this member?

Thanks!

Chris

Hi,

Any solution to this would be of great interest to me as well. We have many problems with this today. The only solution we have found is to make a 'fake' change in the AD templates (do no propagate this change to the accounts), then change the template attributes back again. You may then chose to propagate values for these attributes to all AD accounts using this template.

This is by no means a very good solution, but it works.

Regards,

Mikael Granhaug

Hello

If you need to update these fields and do it without templates, try it using PolicyXpress. One idea for doing this is to create a special task such as "ModifyUsersSpecial" ... created as copy of the ModifyUser task, but not synchronize accounts and policies.

The PolicyXpress run when the "tag" of the task is "ModifyUsersSpecial" and update the fields you want from the identity to the AD. Of course, you will select all the fields that interest you only.    If there are massive changes  can be used "bulk load" calling the new task "ModifyUsersSpecial" ...your PolicyXpress will made the changes for you.  That's other way to sync and propogate IDM attributes to AD.

This works really well, do not hesitate to try it.

I hope be useful for you

Efren