
AD group managed by a group not an account

Hi,

I am working with a customer to put their AD groups into IT Shop & have come across an issue that I had not considered before. In AD users and groups I can see that some groups are managed by other AD groups rather than an AD user account.

This is perfectly legal in AD. However, our mapping connects the managedBy AD property to uid_ADSAccountManager (via a search of the FK table ADSAccount for the DN) so, when the managedBy is a group, our Manager parameter in the ADSGroup object is NULL.

The knock-on effect is that the product owner is not set in IT Shop.

This must have been encountered before. Has anyone got any suggestions as to the best way to handle this?

Thanks

Jon.

  • Jonathan

    The most likely way to handle this would be the following approach:

    1. Use the SchemaExtension tool to extend the Q1IM database schema for the ADSGroup table with an FK column to the ADSGroup table itself

    2. Change the Mapping of your AD domain. Remove the connection between UID_ADSAccountManager and managedBy and establish a connection between your new column and managedBy. As FK table you would name ADSGroup, the search column for the FK table would be DistinguishedName.

    3. Publish the mapping.

    4. Sync (without update optimization at least once) and be happy

    Steps 1 to 3 could be done in less than 10 minutes depending on how familiar you are with the tool.

    Regards

    Carsten
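
To size the problem described in this thread before changing the mapping, the following added example (not code from either poster or from the product) lists every AD group whose managedBy points at something other than a user, which is where the ADSAccount lookup on the DN returns no match. It assumes the ActiveDirectory PowerShell module is available and that only objects of class user are synchronized into ADSAccount; the function name and the optional search base are hypothetical.

```powershell
# Added example: report AD groups whose managedBy is not a user account.
# Assumption: only objectClass "user" ends up in ADSAccount, so any other
# manager class leaves uid_ADSAccountManager empty after synchronization.
Import-Module ActiveDirectory

function Get-GroupManagerClass {
    param(
        [string]$SearchBase   # optional OU DN to limit the scan (hypothetical parameter)
    )

    # Only groups that have managedBy set are of interest.
    $query = @{ LDAPFilter = '(managedBy=*)'; Properties = 'managedBy' }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    foreach ($group in Get-ADGroup @query) {
        try {
            # Resolve the manager DN and read its object class.
            $manager = Get-ADObject -Identity $group.managedBy -ErrorAction Stop
            $class   = $manager.ObjectClass
        }
        catch {
            # Manager DN lives in another domain or no longer exists.
            $class = 'unresolved'
        }

        [pscustomobject]@{
            Group             = $group.DistinguishedName
            ManagedBy         = $group.managedBy
            ManagerClass      = $class
            ResolvesToAccount = ($class -eq 'user')
        }
    }
}

# Groups that would end up without a manager under the account-only mapping.
Get-GroupManagerClass |
    Where-Object { -not $_.ResolvesToAccount } |
    Sort-Object ManagerClass, Group |
    Format-Table -AutoSize
```

Rows with ManagerClass `group` are the ones the new FK column to ADSGroup would cover; `unresolved` or other classes would still need separate handling.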
