Symantec IGA

 View Only
  • 1.  How I can get the value to enabled/disabled by a user in Active Directory from a data element in a PX?

    Posted Oct 07, 2015 09:00 AM

    Hi,

    I am try to get enabled/disabled value by a user account in Active Directory from Policy Xpress in a data element, I need this value to validate  AD account status previous to submit delete user task from IAM and stop delete task if user Identity status is Disabled but AD account are enabled.

     

    Thanks!!



  • 2.  Re: How I can get the value to enabled/disabled by a user in Active Directory from a data element in a PX?

    Posted Oct 07, 2015 11:54 AM

    Nando68, you'll want to itereate through your Active Directory users using the String Searcher which is your AD Enpdoint name.

    Once it finds the user objects Account iterator you can then get the value by the data element Get Account ID.

     

     

    Name: Get Account ID

    Category Accounts

    Type: Account Values by Identifier

    Function: Get

    Endpoint Type Active Directory

    Account Identifiers {Account Iterator}

    Attribute: Account ID

     

    Let me know if you have more questions.



  • 3.  Re: How I can get the value to enabled/disabled by a user in Active Directory from a data element in a PX?
    Best Answer

    Posted Oct 07, 2015 12:05 PM

    "Account ID (accountID)" will return the user's account ID value, not whether or not it's disabled -- use "Account Options (options)", instead.

     

     

    Account Options

     

    Click any of the following account options in the Available Values list box to specify account requirements for an ADS account:

     

    • Standard account
    • Store password using reversible encryption
    • Account is disabled
    • Smart card is required for interactive logon
    • Account is trusted for delegation
    • Account is sensitive and cannot be delegated
    • Use DES encryption types for this account
    • Do not require Kerberos authentication


  • 4.  Re: How I can get the value to enabled/disabled by a user in Active Directory from a data element in a PX?

    Posted Oct 07, 2015 12:40 PM

    You are right I made an error ....getting interrupted in my reply. my apologies to you both.



  • 5.  Re: How I can get the value to enabled/disabled by a user in Active Directory from a data element in a PX?

    Posted Oct 07, 2015 12:48 PM

    No need to apologize: I thought that was the right answer, until I took a second look at the question.  I apologize if I came off sounding like you needed to apologize for something.  Now I apologize for apologizing to your apology...



  • 6.  Re: How I can get the value to enabled/disabled by a user in Active Directory from a data element in a PX?

    Posted Oct 07, 2015 01:52 PM

    Glenda, Ralph Thomas

    Thank you very much for your answers, and I had noticed the right to consult attribute, however, I have error recovery data element.

     

    You can clarify me, if the appropriate value for the "account name" attribute in this data element is equivalent to the value on AD cn or sAMAccountname value, in this environment of AD both values are different.

    CN contains the long name of identity (display name) and sAMAccountname contains the short name (ex: fcontreras)

     

    CN = Fernando Mauricio Contreras Godoy

    SAMAccountName = fcontreras

    Captura1.PNG

     

     

    In my test, I'm having the %USER_ID% value, in this case is equivalent to sAMAccountname.

     

    Again thank you very much to both for your answers.



  • 7.  Re: How I can get the value to enabled/disabled by a user in Active Directory from a data element in a PX?

    Posted Oct 07, 2015 02:13 PM