• State Suggested Answer
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 62 subscribers
  • Views 2033 views
  • Users 0 members are here
Options
Related

using synch service, how to created user add to group?

hmkwon
over 4 years ago

i use activeroles synchronization service

i create user to AD (oracle database-->AD)

and i create group same way

but created user dont add to group automatically

there is no way? create user and add to group automatically?

help me plz...

  • 0 over 4 years ago

    Hi hmkwon

    Before you can add a user to a group, the user object creation has to have completed, otherwise you'll get an error (New User Creation and Group Membership Changes (60642))

    There are a number of different ways to add users to a group however, and which method is best would depend on the use case you have

    1. Dynamic Groups (controlled inside the Administration Service)
    2. Group Families (controlled inside the Administration Service)
    3. Administration Policies  (controlled inside the Administration Service)
    4. Workflow  (controlled inside the Administration Service, but you could use this to add to group when an attribute changes)

    If you need to control a users group membership (some or all), you could do one of a couple of things

    1. If your oracle database hold a single record for each user object, which lists all groups, you could just populate a VA with the groups the user should be added to, then use a workflow to find those groups and and ensure the user is added to them
    2. If your oracle database holds a single record for each group object, which lists all users that should be a member, you again could populate a groups VA with the users, then have a workflow find all the users and add them to the group

    For these two, you'd also need to think about if you need to remove users not listed in your database (added via AD), and also if you need to remove users which were added via this method, but are no longer listed as members in your database (added via Sync Service via a VA).

    3. The other option would be to have a scripted determine the users to be added (and find their DN, unless you hold an accurate DN in your DB), which then append this to the member attribute of the group.

    There are other options open to you, but I'd need to understand your use case and how your data which you want to control the group membership of the user/group is structured.

    Personally, I'd do this via option 1 or 2 (preferably option 2), but if you can explain the use case that would be helpful.

    Cheers

    Stu

  • 0 over 4 years ago in reply to Stu.Pollock

    hi !! thank you 

    but i dont solve the problem....

    i want using user's attribute,group attribute matching 

    so that when create user and group, automatically add to group..

    ex) department is finance(user's attribute) <ㅡ> displayname(group) is finance

          when is matching, automatically add to group

    i want it is possible..