Sync Service only create if startdate is today

Hello all, 

I am testing the ActiveRoles Sync Service. Most of it I have working, but I am still using a lot of PowerShell scripts to generate data which (I hope) could also be done by rules.

E.g. to determine if an account should be created/deprovisioned/UnDeprovisioned I am using PowerShell scripts to find if the start is today (or before). How could I accomplish the same by using rules?

  • Hi  

    You can control this using the criteria steps within a particular workflow step, i.e.:

    For my "HR Provisioning" workflow, I have a step called "Creation from HR to ARS", within the settings of that step, I have configured a "Creation Criteria", where I say 

    1) The StartDate value must be present in the HR source data (not necessarily required)

    2) A Value generated by a PowerShell script, which must be true for the record from my HR data to be included.

    This looks like the following:

    The below script looks up the user's "StartDate" column from my import source (CSV in this case)

    It converts that value into a datetime value,

    It then gets today's date

    I then work out (using a TimeSpan) how long until the user's start date is until now

    If the number of days is greater or equal to 0, I return true

    if the number of days is negative, I return false

    If I test that, I see that of my 10 records in my HR feed, I need to create 7 out of the 10

    As the start dates for those users are today or in the past; the other three users have a start date in the future, therefore are not shown.

    For the deprovision step, you'd amend the script to do similar to the script above, or just use a workflow to deprovision the user when their deprovision date (stored in your own VA) is reached.

    For undo deprovision, you'd want to ensure that you amend your update step, so that the edsvaUnDeprovision attribute is set to 1 in your rules; set the value using PowerShell, so that you can query the start and end dates, to ensure you actually should be undoing the deprovision action on a particular user.

    Hope this helps.

    Stu
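
The start-date check described in the reply above, written out as an added example; it is not the script from the original post, nor One Identity's code. The `StartDate` column name, the `yyyy-MM-dd` format, the function name and the sample rows are assumptions, and a missing or unparseable date is treated as "do not create".

```powershell
# Added example. Function name, date format and sample data are assumptions.
function Test-StartDateReached {
    param(
        [string]$StartDate,                    # raw value from the HR source column
        [string]$Format = 'yyyy-MM-dd',        # assumed date format of the CSV
        [datetime]$Today = (Get-Date).Date     # injectable so the check can be tested
    )

    # Fail closed: an empty start date never qualifies a record for creation.
    if ([string]::IsNullOrWhiteSpace($StartDate)) { return $false }

    # Parse strictly so "06/07/2024"-style ambiguity cannot shift the date.
    $parsed = [datetime]::MinValue
    $ok = [datetime]::TryParseExact(
        $StartDate.Trim(), $Format,
        [System.Globalization.CultureInfo]::InvariantCulture,
        [System.Globalization.DateTimeStyles]::None,
        [ref]$parsed)
    if (-not $ok) { return $false }

    # TimeSpan from the start date to today: >= 0 means today or in the past.
    $span = New-TimeSpan -Start $parsed.Date -End $Today.Date
    return ($span.TotalDays -ge 0)
}

# Constructed sample rows standing in for the HR feed.
$today = [datetime]'2024-06-10'
$rows = @(
    [pscustomobject]@{ Id = 'E001'; StartDate = '2024-06-10' }   # starts today
    [pscustomobject]@{ Id = 'E002'; StartDate = '2024-05-01' }   # already started
    [pscustomobject]@{ Id = 'E003'; StartDate = '2024-07-01' }   # future starter
    [pscustomobject]@{ Id = 'E004'; StartDate = '' }             # missing value
    [pscustomobject]@{ Id = 'E005'; StartDate = '10/06/2024' }   # wrong format
)
foreach ($r in $rows) {
    $create = Test-StartDateReached -StartDate $r.StartDate -Today $today
    '{0}  StartDate={1,-10}  create={2}' -f $r.Id, $r.StartDate, $create
}

# Inside a Sync Service creation criterion the call would look like this,
# assuming the source value is exposed as $srcObj["StartDate"]:
#   Test-StartDateReached -StartDate $srcObj["StartDate"]
```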

  • Hello Stu,

    Thanks for your extensive reply. 

    Actually I do it in a similar way today, however this is causing a PS script to be triggered for each object (approx 40.000), while a query would return the same data in just a second.

    I tried doing the same by creating a view in SQL, which basically works fine to get the data to the sync engine, however when the assignment stops, the record will not be in sync anymore, so the Sync Service will not deprovision it.

  • Hi  

    A SQL view on the source data side, where you only show a list of users you want to create or update, is fine. For the deprovisioning piece, you'd just add a "Deprovision" synchronization step to your workflow.

    Choose your source connection (in my case HR)

    Then from the list under "Deprovision target object if", select the appropriate option. In your case, probably "Source object is deleted or out of synchronization scope". Basically meaning if it's not shown in the Source feed, it should be deprovisioned in the Target (this is very powerful, so please be careful).

    Another option in your SQL view is to include all objects (including ones that should be deprovisioned), but have an additional column in the source which indicates whether the account should be active, then you can use this for deprovision, and use the "Source objects meets these criteria", and filter out the active objects and only deprovision the inactive.

    Hope this helps.

  • Hello Stu, 

    Thanks again for your reply. 

    I am still considering how to deal with this, maybe it would be better to just accept more objects in the flow. The risk of excluding from the view is that, if someone enabled the account in AD, the Sync Service will not disable it, as it's not in scope anymore. Or other objects might have the reference attribute set to a random value, but are not present in the HR data, those will get deprovisioned... difficult choices :)
