Symantec IGA

Hi All,

Currently we are trying to do move OU based on an attribute on user profile, e.g. "Group".
So once that specific attribute is changed, then it will trigger move OU without deleting user account in AD.
How to do this?

We have done move OU but using comparison between 2 attributes (old and new values).

Kindly need your feedback.
Thank you.

------------------------------
Best Regards,

Ivan P.
------------------------------

First you need to change the Create User and Modify User tasks to be set with AccountSync=OnEveryEvent otherwise account creation via provisioning roles would be the last thing done and you would not be able to manipulate those accounts. You also need to add Account Container filters to the AD Template based on the whichever attribute is being changed on the provisioning user. You then need to create a PX Policy of type=SubmittedTask triggered on Task Completion of the Modify User task that will check if that IM user attribute value has changed and if so will move the AD Account to the new OU based on the that changed value.
Original Message:
Sent: 06-24-2019 03:33 AM
From: Ivan Pratama Kurniawidjaja
Subject: Move OU Triggered By An Modified Attribute

Hi All,

Currently we are trying to do move OU based on an attribute on user profile, e.g. "Group".
So once that specific attribute is changed, then it will trigger move OU without deleting user account in AD.
How to do this?

We have done move OU but using comparison between 2 attributes (old and new values).

Kindly need your feedback.
Thank you.

------------------------------
Best Regards,

Ivan P.
------------------------------