ADSAccount is not created automatically

Hi everyone,

I've spent several days trying to solve the issue but it seems like I need your help on that matters.

1. Installed One Identity Manager Active Directory Edition in order to not overcomplicate

2. Registered Job Server and made sure I run initial sync well (now I have all the accounts and other information from AD in my IDM Database)

3. Set up Business role in the following way:

- assign few AD groups per role (no overlap)

4. I do have Account Definition for AD which is set up as "Automatic Assignment to Employees" for simplicity

Now, the issue is:

when I add the employee and assign to the Business group in either way a) with AD Account Definition assigned manually b) just having Account Definition assigned due to "Automatic Assignment to Employees" I do not see an account added to ADSAccount and therefore nothing goes to my target domain.

On the other hand once I create an account from my AD Target Browser manually (I do use Account Definition too) then everything works just fine - after provisioning workflow I can locate the newly created account in my AD

Well, right now I'm out of the ideas, it looks like everything is set up as per documentation but there is not automatic account creation happening on target and I believe that for some reason the issue is that there is no ADSAccount entry created on IDM side.

btw, I run version 8.1.1 and I use account with write permissions to the AD.

Guys, need your help. I'm desperate right now.

Parents Reply
  • As Troy has mentioned you have too many tasks in the job queue that are not executed and these are blocking the DB Queue calculations. Especially the 5 ADS_ADSDomain_Read and %_PostSync Jobs. 

    You need to ensure that these have been run or if you yre sure they have been run at least for one time, you might want to delete them to check if your queues start to process again.

Children