Symantec IGA

Hi,

We have 2 provisioning roles(separate account templates) for AD account provision and Exchange provision. We have few Extended attributes that needs to be provision for both roles, so we used 'schema.ext' file to provision those custom attributes.

Issue we noticed is that custom attributes from only one template are getting provisioned but not from other. Meaning if custom attributes provisioned for AD base role, custom attributes from Exchange role are not provisioned and vice versa.

I see in provision server logs that it tries to update eTADSpayload attribute after second provisioning role assigned but reverting to pervious values. Please let me any suggestions on this issues. I also opened following support case.

Base Role Payload:

---------------------------

physicalDeliveryOfficeName:01:0007=%UCU01%;telephoneAssistant:01:0007=%UCU11%;comment:01:0007=%UCU53%;msDS-PhoneticFirstName:01:0007=%UCU55%;msExchAssistantName:01:0007=%UCU12%;msDS-PhoneticLastName:01:0007=%UCU54%;msDS-PhoneticDisplayName:01:0007=%UCU56%;

Exchange Role Payload:

----------------------------------

msExchPoliciesExcluded:01:0038={26491CFC-9E50-4857-861B-0CB8DF22B5D7};msExchMailboxTemplateLink:01:0154=CN=Read-it-and-Sweep,CN=Retention Policies Container,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=****,DC=****,DC=com;msExchOWAPolicy:01:0138=CN=OWAStores,CN=OWA Mailbox Policies,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=****,DC=****,DC=com;msExchExtensionCustomAttribute1:01:0004=O365;

schema.ext

-----------------------

physicalDeliveryOfficeName

msExchAssistantName

telephoneAssistant

comment

msDS-PhoneticLastName

msDS-PhoneticFirstName

msDS-PhoneticDisplayName

msExchPoliciesExcluded

msExchExtensionCustomAttribute1

msExchOWAPolicy

msExchMailboxTemplateLink

Provisioning Log:

--------------------------

20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I: DFLT VALUES ACCT : eTADSpayload=(msDS-PhoneticDisplayName:01:0017=Sagar88 Tumma
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+la88;msDS-PhoneticFirstName:01:0007=Sagar88;msDS-PhoneticLastName:01:0009=Tummala
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+88;)###@
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I: DFLT VALUES POLICY: eTADSpayload=(msExchPoliciesExcluded:01:0038={26491CFC-9E50-
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+4857-861B-0CB8DF22B5D7};msExchMailboxTemplateLink:01:0154=CN=Read-it-and-Sweep,CN
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+=Retention Policies Container,CN=First Organization,CN=Microsoft Exchange,CN=Serv
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+ices,CN=Configuration,DC=****,DC=****,DC=com;msExchOWAPolicy:01:0138=CN=OWA
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+Stores,CN=OWA Mailbox Policies,CN=First Organization,CN=Microsoft Exchange,CN=Ser
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+vices,CN=Configuration,DC=****,DC=****,DC=com;msExchExtensionCustomAttribut
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+e1:01:0004=O365;)
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I: DFLT VALUES RESULT: eTADSpayload=(msDS-PhoneticDisplayName:01:0017=Sagar88 Tumma
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+la88;msDS-PhoneticFirstName:01:0007=Sagar88;msDS-PhoneticLastName:01:0009=Tummala
20180405:012341:TID=0eeb40:CreateAcct:C551:C549:I:+88;)

Alan_Baughersinam09SumeetMjaipr03

Hi  Venkata,

You are facing the design here.

eTADSAccount::eTADSpayload is a single valued (IsMultiValued: no) initial attribute (IsPolicySync: no).
Initial attributes are not impacted by the Synchronization Template process.
That means once the account is created with an initial eTADSpayload value, then this value will no more be changed if applying any other template against this account.

Regards,

Philippe.

Thanks Philippe. I spoke with Support team and they confirmed the same. Will test by keeping same eTADSpayload attribute in all templates.