• State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 93 subscribers
  • Views 1526 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Employee changing to a different domain is not given the birthrights

nuruddinmazlan
over 5 years ago

Hi All,

We have 2 domains (Domain A and Domain B)

We have on-boarded an employee that is successfully registered to Domain A with the necessary birthrights and security groups.

However, when we test a use case whereby he is transferred to Domain B, he is able to be registered to Domain B, but it is not provisioned the necessary birthrights from Domain B.

The employee has records in Active directory for both Domain A and Domain B.

May we know how do we automatically provision the birthrights from Domain B?

ADSAccount for the employee reflects both Domains, whereby Domain A's name is strikethrough.

Thank you. 

  • 0 over 5 years ago

    How did you transfer the user from Domain A to Domain B?

    Is the flag IsGroupAccount set at the User in Domain B?

    What version are you using?

    That the name of the user in Domain is strikethrough hints to the fact that this account marked as "Not found in target system".

  • 0 over 5 years ago in reply to Markus Weiss-Ehlers

    Hi Markus, because we have dynamic roles in the birthright conditions, upon changing certain attributes in the Person object, the Person would have not satisfied the criteria to be in domain A and transferred to Domain B. We have the account definitions Mappings set to ADSAccount.IsGroupAccount and ADSAccount.UID_ADSContainer. We are using version 8.0.1

  • 0 over 5 years ago in reply to nuruddinmazlan

    Do you have two account definitions, one for domain A and one for domain B?

    Can you see the (unprovisioned) groups at the account in domain B in the Manager?