• State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 93 subscribers
  • Views 13708 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AD group managed by a group not an account

Jonathan M
over 11 years ago

Hi,

I am working with a customer to put their AD groups into IT Shop & have come across an issue that I had not considered before.   In AD users and groups I can see that some groups are managed by other AD groups rather than an AD user account.

This is perfectly legal in AD.   However, our mapping connects the managedBy AD property to uid_ADSAccountManager (via a search of the FK table ADSAccount for the DN) so, when the managedBy is a group, our Manager parameter in the ADSGroup object is NULL

The knock on effect is that the product owner is not set in IT Shop.

This must have been encountered before.   Has anyone got any suggestions as to the best way to handle this ?

Thanks

Jon.

Parents
  • 0 over 11 years ago

    This might turn out as a problem. :-)

    Other idea to serve your problem:

    1. extend the schema with an new schema column to take the DN of the managing object

    2. create a process that kicks off on INSERT / UPDATE in case of an FULLSYNC, that takes that value into an dialogscript

    3. The dialogscript is determining if there is a object having exactly this DN in ADSGroup, to set the reference in the custom specific column <Customer-Prefix>_ManagedByGroup or otherwise set the UID_ADSAccount in the column UID_ADSAccountManager.

    Regards

    Carsten

Reply
  • 0 over 11 years ago

    This might turn out as a problem. :-)

    Other idea to serve your problem:

    1. extend the schema with an new schema column to take the DN of the managing object

    2. create a process that kicks off on INSERT / UPDATE in case of an FULLSYNC, that takes that value into an dialogscript

    3. The dialogscript is determining if there is a object having exactly this DN in ADSGroup, to set the reference in the custom specific column <Customer-Prefix>_ManagedByGroup or otherwise set the UID_ADSAccount in the column UID_ADSAccountManager.

    Regards

    Carsten

Children
No Data