Customer use some provisioning exits that are triggered on Active Directory POST_MODIFY_ACCOUNT event. He asked us to find a way to move this logic from the Provisioning Layer to the IM Layer.
Despite the way we are going to implement this logic on IM (PX / Event Listener / BLTH / etc.), it is mandatory that this logic is triggered only after the Active Directory accounts is changed on the endpoint.
Question: Is it possible to implement a reliable IM logic that will be triggered after the Active Directory account changes on the endpoint ?
More specifically : the question is on understanding the exact sequence of IM events triggered after an ADS account is changed on the native endpoint.
I just want to respond to your post. This appears to be a question pertaining to Identity Manager but I see that you've posted the question to that forum as well. Someone should answer your question in that forum.
Regards,Sandy GreenCA Support
It is possible using reverse synchronization.
Or you could trigger Policy Xpress after account synchronization.
These are the simpler options.
Then you have event listeners if you wanted something more complex.
The account update will usually occur on the account synchronization event.
Unless you are updating the account directly then other events come into play. You can see exactly what events till take place form the View Submitted tasks and then go from there.