Centralaccount name should not change after updating the firstname and lastname of users

Hi Team,

I have implemented the logic to create centralaccountname with the combination of Firstname and lastname, and the same centralaccountname is passed to samaccountname. But if I change the firstname or lastname value in Quest IDM, centralAccount also changes, while it should be constant.

Could you please help with this logic? It would be a great help if you could share some chunk of code.

  • No need for code. If you turn off the "overwrites" flag on the template on centralaccount, it will not overwrite.
  • Hello,

    George's advice is not correct.

    If you remove the "overwrites" for the CentralAccount you would get the following issue:
    Let's imagine the centralaccount is defined as "<firstname>.<lastname>".

    Create a new person and set the firstname "Steffen" -> template is running and returns "Steffen."
    Now set the lastname "Einert" -> template is NOT running again because the property already has a value!

    The final result would be incomplete.

    The same issue if you set the lastname 1st - the result would be ".Einert".

    The removing of the "overwrites" flag works only if the template depends on only ONE column.

    Resolution:
    Keep the "overwrites" flag.
    Add in the template the condition:

    ' do it only for NEW CREATED objects - not for existing ("loaded") objects
    If Not $[Isloaded]:Bool$ Then
        ... the template code
    End If

    Steffen
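
Added example, not part of the original thread and not One Identity Manager code: a simplified Python model of the three template configurations discussed above (flag on, flag off, flag on with the IsLoaded guard). The `Person` class, the `save()` step that marks an object as loaded, and the rename to "Stefan" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

def central_account_template(p):
    # "<firstname>.<lastname>", the format used in the post above
    return f"{p.values.get('Firstname', '')}.{p.values.get('Lastname', '')}"

@dataclass
class Person:
    overwrites: bool           # "overwrites" flag on the CentralAccount template
    guard_is_loaded: bool      # template body wrapped in "If Not $[IsLoaded]:Bool$"
    is_loaded: bool = False    # assumption: False until the object has been saved
    values: dict = field(default_factory=dict)

    def set(self, column, value):
        self.values[column] = value
        if column in ("Firstname", "Lastname"):   # columns the template depends on
            self._run_template()

    def _run_template(self):
        if self.guard_is_loaded and self.is_loaded:
            return   # existing object: the stored name is kept
        if not self.overwrites and self.values.get("CentralAccount"):
            return   # flag off: a column that already has a value is left alone
        self.values["CentralAccount"] = central_account_template(self)

    def save(self):
        self.is_loaded = True

def scenario(overwrites, guard_is_loaded):
    """Create a person, save it, then rename it; return both account names."""
    p = Person(overwrites, guard_is_loaded)
    p.set("Firstname", "Steffen")
    p.set("Lastname", "Einert")
    at_creation = p.values["CentralAccount"]
    p.save()
    p.set("Firstname", "Stefan")   # constructed rename of an existing person
    return at_creation, p.values["CentralAccount"]

if __name__ == "__main__":
    print("flag on, no guard :", scenario(True, False))   # name follows the rename
    print("flag off, no guard:", scenario(False, False))  # name stays incomplete
    print("flag on, guard    :", scenario(True, True))    # complete and stable
```

Only the third configuration gives a complete account name at creation that stays fixed when the person is renamed later, which is what a sAMAccountName mapped from it requires.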

  • Ah....yes, you are exactly right. I'd forgotten about that. I should not answer so late at night.
  • I will try your code in template (centralaccount)

    If Not $[Isloaded]:Bool$ Then
        If CStr($ImportSource$) <> "ADS" And _
            (Not CBool(Connection.Variables.Get("FULLSYNC")) Or CStr($ImportSource$).StartsWith("EBS")) Then
            If CStr(Connection.GetConfigParm("QER\Person\CentralAccountGlobalUnique")) = "1" Then
                Value = QDC_VI_AE_BuildCentralAccountGlobalUnique(GetValue("UID_Person").String, $Lastname$, $Firstname$, $MiddleName$)
            Else
                Value = QDC_VI_AE_BuildCentralAccount(GetValue("UID_Person").String, $Lastname$, $Firstname$, $MiddleName$)
            End If
        End If
    End If

    Here the central account is mapped to samaccountname. If someone creates the account on the AD side, how can we handle this case? So I want to validate the samaccountname also in my code before creating the centralaccount.

    Can we validate the samaccountname during the creation of the centralaccount? If a samaccountname the same as the central account does not exist, then create the centralaccount.

    Regards,

    Pankaj

  • Hi Steffen,

    I have tried the above code but it is not working: the central account is changing for the user if I change the firstname.

    Firstname   MiddleName   lastname   Centralaccount
    First       Middle       last       First.mi.last

    I have changed the user's Firstname from Manager, and the user's central account also changed to "First1.mi.last".

    Can you please let me know how I can prevent the changing of the centralaccount and validate the centralaccount against the samaccountname attribute?

  • Hi Steffen,

    Any update? I am still unable to resolve this issue.

    Can you give me some example code?

    Regards,

    Pankaj

  • Hello Pankaj,

    if you add the mentioned line "If Not $[Isloaded]:Bool$" the template will not be executed for existing objects.

    Only for new created objects.

    If the template runs in your db when you change the FirstName you haven't recompiled the template or the old template is in the local cache.

    To be sure: Recompile the whole db (scripts incl. all dependencies) and delete the local cache with these commands:
    rmdir /S /Q "%localappdata%\Quest Software\Identity Manager\Cache"
    rmdir /S /Q "%localappdata%\Quest Software\Identity Manager\AssemblyCache"


    To your additional question (validation of the SAMAccountName):
    I don't understand how it should work.

    Of course it's possible to check everything in the db inside of template. But I don't understand the rule in your case.

    For instance you could check if there is an ADSAccount with a specific SAMAccountName:
    If Connection.Exists("ADSAccount", "SAMAccountName='abc'") Then
        ' Do anything
    End If

    Or you could take the SAMAccountName of a specific ADSAccount and use it in the further code:
    Dim SAMAccountName as String
    SAMAccountName = Connection.GetSingleProperty("ADSAccount", "SAMAccountName", "<condition in SQL notation>").ToString

    But what's the condition?

    Steffen

  • Thank you very much !!

    The samaccount validation part I have already fixed.

    Now, after clearing the cache, it is also working.

    Regards,

    Pankaj

  • Hi Pankaj,

    Can you provide the way to check the CentralAccount name in AD for uniqueness?

    I have created a custom script to generate the CentralAccount name as per my logic, but I want to check in AD in addition to the check in the persona table.

    Regards,

    Enayathulla

  • Hello Pankaj,

    I am not sure, but maybe DirectoryEntry can help you to check the existence of AD objects before creating the centralaccount.

    For example:

    ' Requires: Imports System.DirectoryServices
    Dim adEntry As New DirectoryEntry(strDN, LDAPLogin, LDAPLoginPassword, LDAPAuthenticationType)
    If Not (adEntry.Guid = Nothing) Then
        If Len(adEntry.Guid.ToString()) > 0 Then
            Return True
        End If
    End If

    Regards,

    Tarigh