I've spent several days trying to solve the issue but it seems like I need your help on that matters.
1. Installed One Identity Manager Active Directory Edition in order to not overcomplicate
2. Registered Job Server and made sure I run initial sync well (now I have all the accounts and other information from AD in my IDM Database)
3. Set up Business role in the following way:
- assign few AD groups per role (no overlap)
4. I do have Account Definition for AD which is set up as "Automatic Assignment to Employees" for simplicity
Now, the issue is:
when I add the employee and assign to the Business group in either way a) with AD Account Definition assigned manually b) just having Account Definition assigned due to "Automatic Assignment to Employees" I do not see an account added to ADSAccount and therefore nothing goes to my target domain.
On the other hand once I create an account from my AD Target Browser manually (I do use Account Definition too) then everything works just fine - after provisioning workflow I can locate the newly created account in my AD
Well, right now I'm out of the ideas, it looks like everything is set up as per documentation but there is not automatic account creation happening on target and I believe that for some reason the issue is that there is no ADSAccount entry created on IDM side.
btw, I run version 8.1.1 and I use account with write permissions to the AD.
Guys, need your help. I'm desperate right now.