Symantec IGA


Lock/Unlock user in AD not reflected in IDM

  • 1.  Lock/Unlock user in AD not reflected in IDM

    Posted 05-23-2017 03:41 AM

    We have set up a reverse sync using Explore and Correlate. We are able to sync all the attributes from AD into IDM, such as email, city, etc.; however, when we lock or unlock an account in AD and then run Explore and Correlate, the same is not reflected in IDM. Are there any places we need to look at? This is a straightforward use case.



  • 2.  Re: Lock/Unlock user in AD not reflected in IDM
    Best Answer

    Broadcom Employee
    Posted 05-24-2017 10:05 AM

    Hi Sajid,

    My suggestion to you is to open a support case. Considering everything works and only the lock/unlock doesn't, I would imagine we will need to learn about the attribute mapping and see if it includes the lock/unlock attribute, and possibly need logs to look at what they show, all of which is best addressed via a support case.

     

    Thanks,

    Sagi



  • 3.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 05-25-2017 05:21 AM

    Alright, but does anyone have any idea of what attributes should be mapped? The idea of putting the question to the community is the possibility of getting multiple views.



  • 4.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 05-25-2017 07:10 PM

    Hi Sajid,

     

    Where exactly are you looking for the account locked attribute after explore/correlate? Are you opening the AD account from the endpoint contents, or are you looking at the global user?

    Maybe provide a screenshot? Unless you already raised a case for this, then we can probably look into that.  



  • 5.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 05-29-2017 03:46 AM

    Hi, 

     

    We have a use case: if the AD account is disabled and we run the E&C, then the IDM user should also be disabled.

     

    From IDM to AD, disable/enable is working fine.

     

    We are looking for the reverse sync for enable/disable ...

     

    Thanks,

    Harpreet Singh



  • 6.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 05-29-2017 06:20 AM

    As Harpreet mentioned, we are facing a problem during reverse sync.

    The user is disabled in AD first, and then the IDM user should also be disabled after running explore and correlate, which is not happening.



  • 7.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 11-29-2017 03:42 PM

    Sajidkhan1310831 - Could you please share if you were able to achieve this? Was it OOTB?



  • 8.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 11-29-2017 03:44 PM

    Marline!

    Could you please provide some more information on this discussion? Much appreciated.



  • 9.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 11-30-2017 12:25 AM

    Hi Rashmeet,

     

    Yes, the use case works OOTB. 

    What you need to do is make sure that the global user locked attribute is mapped to a user store attribute. You can check this in an export of your provisioning directory.xml file.

     

    If you are still having trouble with this, raise a case and we can take a look. You can ask to have it assigned to me if you wish. 

     

    Kind Regards,

    Marline



  • 10.  Re: Lock/Unlock user in AD not reflected in IDM

    Posted 10-17-2017 07:06 AM

    Team,

    We have a similar requirement. Is anyone able to get this solution working via reverse sync?

     

    TIA