Hi all,
We have a scenario where we have defined various technical rules to add AD group memberships based on certain user attributes (cost-center, org code, department etc). Everything is working as expected when a new account is created - all technical rules fire correctly, and the user gets the correct AD group memberships.
During a rehire, we have defined a user-update rule and have action set to 're-apply selected technical rules'. We also have the 'Enable Account' as another action, to re-enable the AD account.
We are expecting it to fire a task to enable the AD account, and then 'add access' tasks based on the technical rules. But we only see the 'enable AD' account task... for some reason, the add access tasks to grant AD group memberships are never created. Is this because the AD account is in a disabled state?
We also have a technical BR rule, that creates a new AD account for new hires.
If we select this rule, then the system is creating a task for a 'new AD account', along with 'add access' tasks on this new account and the 'enable account' for the user's disabled account. That is incorrect - we don't want it to create a new AD account.
Any idea, what I am missing?
