Symantec IGA


Example Policy Xpress for relocating an Active Directory account 

Dec 06, 2016 01:11 AM

This is a sample Policy Xpress for Identity Manager that shows how to relocate an AD account. 

Remember to make sure that the account template for the user also reflects the relocation; otherwise, the account will be deleted and recreated in the original container next time there is an account sync.

 

1. Create a new PX and remember to enable it when you are ready to test.

 

2. Set a trigger for your PX. In the example, it is after ModifyUserEvent. 

 

 

3. Create your data elements. Perhaps you want to move your AD account based on the user's location or city. 

Here we get the user's city value and we also get the user's account. 

 

 

 

 

4. Create an action to move the account. 

5. The action condition is checked, for example: if city = Melbourne.

 

 

 

6. Move the account to a different container. Container values are comma-separated, in the form: child,parent,top
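
To check where the relocated accounts sit after the next account sync, and whether any were deleted and recreated, the following audit can be run against the directory. It is an added example, not part of the original post: the target OU DN is a placeholder, and it assumes the ActiveDirectory (RSAT) module is installed and that the user's city is stored in the AD attribute l.

```powershell
# Added example: audit where AD accounts for a given city live after a Policy Xpress move.
# Assumptions (not from the original post): $TargetOU is a placeholder DN, the
# ActiveDirectory (RSAT) module is installed, and city is stored in the AD attribute "l".
Import-Module ActiveDirectory

$City     = 'Melbourne'                                  # value tested in the PX action condition
$TargetOU = 'OU=Melbourne,OU=Users,DC=example,DC=com'    # placeholder container DN

function Get-ParentContainer {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Drop the leading RDN (CN=...), honouring escaped commas such as "CN=Doe\, Jane"
    return ($DistinguishedName -split '(?<!\\),', 2)[1]
}

# "l" is the LDAP attribute behind the City property
$report = Get-ADUser -LDAPFilter "(l=$City)" -Properties l, whenCreated, whenChanged |
    ForEach-Object {
        $parent = Get-ParentContainer -DistinguishedName $_.DistinguishedName
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Container      = $parent
            InTargetOU     = ($parent -eq $TargetOU)   # -eq is case-insensitive for strings
            ObjectGUID     = $_.ObjectGUID             # changes if the account was deleted and recreated
            WhenCreated    = $_.whenCreated
            WhenChanged    = $_.whenChanged
        }
    }

# Accounts that match the city but are not in the expected container
$report | Where-Object { -not $_.InTargetOU } | Format-Table -AutoSize

# Save a baseline; compare ObjectGUID and WhenCreated after the next account sync
$report | Export-Csv -Path .\px-move-baseline.csv -NoTypeInformation
```

Run it once after the PX has fired and again after an account sync: an unchanged ObjectGUID in the target container means the account was moved and left alone, while a new ObjectGUID or a later WhenCreated means it was recreated.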

 


Comments

Dec 06, 2016 04:50 AM

We use this method of moving accounts in our environment. You said that "the account will be deleted and recreated in the original container next time there is an account sync".

In our experience, the container in the account template is used only during account creation. If an AD account has already been created and is then relocated to another container with PXP, subsequent account synchronizations will not delete and recreate that account, so the account will stay in the new container. It really works.

 

Regards,

Andrej
