This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UnDeprovision In ActiveRoles Sync Engine

Hello, 

So I can see in the Sync Engine workflows (Old QC)  we have the ability to deprovision a user. we can deprovision if the user doesn't exist in the CSV file.. or trigger a Deprovision based on Field if we are pulling from SQL.

However, I don't see an option to unDeprovision. Does one exist in the sync engine workflows?

I am trying to write a script which I think works.. however, the issue is where do I put it? if I add it to the Update Workflow and the user is reanimated from a termination, the workflow finds the user and tries to update the attributes.. which is alright.. however, if I just enable the UndeprovisionStatus.. it should restore everything to the original correct? regardless if attributes have been updated? 

there's got to be a simpler way.. 

any thoughts from the community?

Parents
  • In an Update Step, set edsvaUnDeprovision to a value of 1

  • yes.. im testing it right now.. its simple to set it.. its another thing to find if it is deprovisioined.. anyways.. this is what i have written in my update step.. but im still testing it..

    $SourceUserID = $srcobj["Personnel_Number"]
    $ADUserID = Get-QADuser -SearchAttributes @{EmployeeID=$SourceUserID}
    $IsDeprovisioned = Get-QADUser -Proxy -SearchAttributes @{edsvaDeprovisionStatus=1}
    Switch($IsDeprovisioned)
    {
    "1" {$UnDeprovision= ""}
    }

    $UnDeprovision

    so if the engine finds the deprovisiioned status. then it updates the edsvaUnDeprovision to 1.

  • This script will work, but it's overkill.

    Just set a scope in the Workflow on the source so that objects must meet the criteria of edsvaDeprovisionStatus=1

  • two things is the issue.. 

    1. the source doesnt have edsvaDeprovisionedStatus attribute as its an HR export.

    so i have it as a script and populating the UnDeprovision attribute.. only thing is that if i run it in Sync shell.. it works. but in the workflow its not seeing the user as a deprovisioined user.. so im not sure if i scripted it right..

  • For anyone else who may need this. I got this working.

    Create a scripted Source Attribute and forward sync to edsvaUnDeprovision

    $SourceUserID = $srcobj["Personnel_Number"]

    $ADUserID = Get-QADuser -Proxy -SearchAttributes @{EmployeeID=$SourceUserID}

    $IsDeprovisioned = $(get-qaduser $ADUserID -Proxy -SearchAttributes @{edsvaDeprovisionStatus=1}).edsvaDeprovisionStatus

     

    Switch($IsDeprovisioned)

    {

     1 {$edsvaUnDeprovision=1; break}

     default {$edsvaUnDeprovision = $null; break}

     }

     

    $edsvaUnDeprovision

Reply
  • For anyone else who may need this. I got this working.

    Create a scripted Source Attribute and forward sync to edsvaUnDeprovision

    $SourceUserID = $srcobj["Personnel_Number"]

    $ADUserID = Get-QADuser -Proxy -SearchAttributes @{EmployeeID=$SourceUserID}

    $IsDeprovisioned = $(get-qaduser $ADUserID -Proxy -SearchAttributes @{edsvaDeprovisionStatus=1}).edsvaDeprovisionStatus

     

    Switch($IsDeprovisioned)

    {

     1 {$edsvaUnDeprovision=1; break}

     default {$edsvaUnDeprovision = $null; break}

     }

     

    $edsvaUnDeprovision

Children
No Data