Single Employee attribute update from ADS Account for all employees.

Hi,

Quick question, If I need to update only one attribute (say DefaultEmailAddress of Person) from AD user object (mail) for all persons after an Active Directory Synchronization Run, do I just modify the script , or is there an OOTB approach for this?

Given that the ADS/PersonAutoFullSync is Search and Create and I believe ADS/PersonUpdate has to be enabled.

Also, which is the script to be modified: ADS_PersonAuto_Mapping_ADSAccount or ADS_PersonUpdate_ADSAccount ?

I believe this is already set OOTB in script ADS_PersonUpdate_ADSAccount , but when I modified an AD account, it did not update the associated Employee attribute.

Am I missing anything?

Thanks.

  • Just too add a point, we would like ADS to be the master source of "DefaultEmailAddress" for employee.

  • Both scripts have a different use-case.

    • ADS_PersonAuto_Mapping_ADSAccount: Will be called during the full-sync from Active Directory to OneIM for (roughly, detail doesn't matter here) every unlinked account (where UID_Person is not filled).
    • ADS_PersonUpdate_ADSAccount: Will be called for any INSERT/UPDATE of an AD User in the OneIM database if the change is not coming from the user mapping (see bullet point one) and if the configuration parameter TargetSystem\ADS\PersonUpdate is turned on and the account needs to be just linked (no manage level assigned or the manage level is configured to never use data from IT operating data.

    So if you want to use the OOTB features for your use-case you might need to modify the generation condition of the process ADS_ADSAccount_Update_UpdatePerson that executes the 2nd script to match your use-case conditions.