Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/19/2024 01:56 AM
Hello,
I would like to ask you if there is any possibility to not modify a specific attribute in AD for certain users.
This is because there are attributes for old users that we cannot change.
For example, there are users that in the customproperty30 have the attribute "NO_UPDATE", is there any possibility that in the USERUPDATEJSON there are attributes that are not modified if the user to which the account belongs has NO_UPDATE in the customproperty30? note that this only applies to SOME attributes, not all, so I do not think it can be done at user update rule level.
How can we avoid modifying the facsimileTelephoneNumber and userAccountControl in users that have NO_UPDATE in the customproperty30 in the following USERUPDATEJSON (simplified)?
{
"givenname": "${user.firstname}",
"userPrincipalName": "${user.systemUserName+'@test.com'}",
"sn": "${user.lastname}",
"cn": "${user.displayname}",
"userAccountControl": "${if(user.statuskey == 1){'512'} else{'514'}}",
"manager":"${managerAccount.accountID}",
"postalCode": "${user.locationnumber}",
"facsimileTelephoneNumber": "${user.customproperty7}",
"mail": "${user.email}",
}
Thank you in advance
Solved! Go to Solution.
06/19/2024 07:57 AM
facsimileTelephoneNumber : "${if((user?.customproperty23=='NO_UPDATE')){accountName} else {user.customproperty7}}",
Try something like above, if CP23 = ' NO_UPDATE' then provision the same value which is present in the account (accountname is just for sample,) here I am assuming that you are brining that value from target(facsimileTelephoneNumber )and storing it in some account attribute , so use that account attribute here, and if it is not equal to NO_UPDATE then provision the CP7 value.
Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
06/19/2024 10:27 PM
This is currently not supported for AD connector however supported for SAP connector only.
Upvote Idea - https://ideas.saviynt.com/ideas/EIC-I-5729
06/20/2024 01:55 AM
Hi guys,
Thanks for your replies. The best way to access the current value of the attribute in the account would be by accessing the task or directly to the account? e.g. task.accountKey.accounttype or account.accounttype ?
Kind regards,
Iván
06/20/2024 06:38 AM
In our project , we used account object.
Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
06/20/2024 09:35 PM
You can access either way. both going to provide same results
06/21/2024 12:34 AM
Thank you guys!