Symantec IGA

  • 1.  Explore Single user in AD

    Posted Jun 01, 2017 10:04 AM

    Hello,

     

    Is it possible in IDM to explore only a single user in an AD endpoint through etautil or something else?

     

    It would be appreciated if someone could guide us here.

     

    Thanks,

    Shashank



  • 2.  Re: Explore Single user in AD
    Best Answer

    Posted Jun 01, 2017 11:04 AM

    Here are some ldapsearch commands which you can use. You need to edit them to be valid for your environment.

     

    In this example we have an OU called MyOU with a sub OU called MySubOU.

     

    All of these searches are base level, so they will only explore the object pointed at. You would need to set up the OU tree structure initially by running the following two explore searches once.

     

    To pull in the root OU called MyOU

     

    ldapsearch.exe -LLL -h PROV_SERVER -p 20389 -D "eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -b "eTADSOrgUnitName=MyOU,eTADSDirectoryName=MyADS,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=*)" eTExploreUpdateEtrust

     

    To pull in the sub OU called MySubOU

     

    ldapsearch.exe -LLL -h PROV_SERVER -p 20389 -D "eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -b "eTADSOrgUnitName=MySubOU,eTADSOrgUnitName=MyOU,eTADSDirectoryName=MyADS,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=*)" eTExploreUpdateEtrust

     

    Now in this example we have an account called MyAccount which resides under the MySubOU which we want to explore.

     

    To pull in the single MyAccount

     

    ldapsearch.exe -LLL -h PROV_SERVER -p 20389 -D "eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -b "eTADSAccountName=MyAccount,eTADSOrgUnitName=MySubOU,eTADSOrgUnitName=MyOU,eTADSDirectoryName=MyADS,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=*)" eTExploreUpdateEtrust

     

    Now you can either run the Correlate With Existing or Create As Needed, and this depends on which of the following you run. The first is for the correlate with existing, whereas the second is the create users as needed.

     

    ldapsearch.exe -LLL -h PROV_SERVER -p 20389 -D "eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -b "eTADSAccountName=MyAccount,eTADSOrgUnitName=MySubOU,eTADSOrgUnitName=MyOU,eTADSDirectoryName=MyADS,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=*)" eTExploreCorrelateUsers

     

    ldapsearch.exe -LLL -h PROV_SERVER -p 20389 -D "eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -b "eTADSAccountName=MyAccount,eTADSOrgUnitName=MySubOU,eTADSOrgUnitName=MyOU,eTADSDirectoryName=MyADS,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=*)" eTExploreCreateUsers

     

    Lastly, if you want to run the update just for MyAccount you would run

     

    ldapsearch.exe -LLL -h PROV_SERVER -p 20389 -D "eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -b "eTADSAccountName=MyAccount,eTADSOrgUnitName=MySubOU,eTADSOrgUnitName=MyOU,eTADSDirectoryName=MyADS,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=*)" eTExploreUpdateUsers
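
The sequence from the answer above, generalized to any OU depth, as an added example that is not part of the original post or of the product. It builds each command as an argument list with RFC 4514 escaping of the names, so an account or OU name containing a comma or plus sign cannot change the search base. The function names, the PROV_PWD variable and the assumption that the Provisioning Server accepts standard DN escaping are mine.

```python
import os

# Bind DN and namespace suffix copied from the commands in the answer.
BIND_DN = ("eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,"
           "eTNamespaceName=CommonObjects,dc=im,dc=eta")
SUFFIX = "eTNamespaceName=ActiveDirectory,dc=im,dc=eta"

def escape_rdn_value(value):
    """Escape one RDN value per RFC 4514 so it stays a single DN component."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in ',+"\\<>;' or (i == 0 and ch in "# ")
              or (i == len(value) - 1 and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def ou_dn(directory, ou_path):
    """DN of the OU reached by ou_path, root first, e.g. ["MyOU", "MySubOU"]."""
    rdns = ["eTADSOrgUnitName=" + escape_rdn_value(ou) for ou in reversed(ou_path)]
    rdns.append("eTADSDirectoryName=" + escape_rdn_value(directory))
    return ",".join(rdns + [SUFFIX])

def explore_cmd(server, base_dn, operation, password):
    """Argument list for one base-scope explore; no shell string is built."""
    return ["ldapsearch.exe", "-LLL", "-h", server, "-p", "20389", "-D", BIND_DN,
            "-w", password, "-b", base_dn, "-s", "base", "(objectclass=*)", operation]

def single_account_plan(server, directory, ou_path, account, password, create=False):
    """Each OU top-down, then the account, then correlate (or create) users."""
    cmds = [explore_cmd(server, ou_dn(directory, ou_path[:i + 1]),
                        "eTExploreUpdateEtrust", password)
            for i in range(len(ou_path))]
    acct_dn = ("eTADSAccountName=" + escape_rdn_value(account) + ","
               + ou_dn(directory, ou_path))
    cmds.append(explore_cmd(server, acct_dn, "eTExploreUpdateEtrust", password))
    last_op = "eTExploreCreateUsers" if create else "eTExploreCorrelateUsers"
    cmds.append(explore_cmd(server, acct_dn, last_op, password))
    return cmds

if __name__ == "__main__":
    pwd = os.environ.get("PROV_PWD", "PWD")  # assumed variable name, not a product setting
    plan = single_account_plan("PROV_SERVER", "MyADS", ["MyOU", "MySubOU"], "MyAccount", pwd)
    for cmd in plan:  # run each with subprocess.run(cmd, check=True)
        print(cmd[15], cmd[11])  # operation and search base only, never the password
```

The password still reaches ldapsearch.exe through -w, so it is visible in the process list while each command runs; keep it out of saved scripts and logs.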



  • 3.  Re: Explore Single user in AD

    Posted Jun 05, 2017 05:59 AM

    Hello KennyV,

     

    The main purpose was just to explore a single account and the script that helped here was provided by you.

     

    ldapsearch.exe -LLL -h PROV_SERVER -p 20389 -D "eTGlobalUserName=imadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta" -w PWD -b "eTADSAccountName=MyAccount,eTADSOrgUnitName=MySubOU,eTADSOrgUnitName=MyOU,eTADSDirectoryName=MyADS,eTNamespaceName=ActiveDirectory,dc=im,dc=eta" -s base "(objectclass=*)" eTExploreUpdateEtrust

     

    Thanks a ton for the quick help.

     

    Regards,

    Shashank