AD provisioning in a specific OU

Hi Experts,
Is it possible to change the provisioning for the Plugin "Create AD User" so that I can provision 'in a specific OU?
For example:
User X should I be added in the AD domain under "OU = Internal". Is it possible to target the user-provisioning to the OU structures of the AD?
By dedault the defined "starting point" and the MSKEYVALUE is used for the "dn".
What are your experiences?
Thank You!
Gerhard

Hi Deepak,
I would suggest you to do the following way.
1. Create a table in IDM and maintain the Bracnh to OU mapping, say in the table tblBranchtoOU.   Ex:
Branch     OU
Branch-A   OU1
Branch-B   OU2
Branch-C   OU3
2. Create an attribute  MX_Branch which lists the available branches. to list the available branches from this table. configure the MX_Branch attribute as below.
3. Configure your UI task for user creation such that, it lists the Branch values to select the branch during the user creation.
4. Write a script that accepts the Branch as input and do a look up on the table that is created in step 1 and return the corresponding OU.
5. Add this script to the plugin task for AD, "SAP Create ADS User"
6. In the destination tab of this pass, for the AD attribute dn, change the value based on your requirement according to the script. something like in   
   below    screenshot.
In IDM, you can achieve a solution in multiple  ways it depends on you, which logic you want to use.
Thanks,
Krishna.

Similar Messages

  • Target resource provisioning and (very) specific worflow

    Hello,
    I'm looking to build a specific use case into OIM 11g and I would appreciate some guidance.
    Upon AD account provisionning I want:
    1. create the account and set a random temporary password
    2. send an email to techies so with the account login and password so they can login as the user and setup his laptop
    3. techies would then acknowledge that their job is done
    4. OIM would reprovision another random password and set the "must change password" flag to true.
    how would you do that? should I heavily customize the AD Create User adapter? how can I interact with SOA to get the acknowledgement? (or where/how could I do that?)
    thanks for your help!

    bcarlier wrote:
    Hello,
    I'm looking to build a specific use case into OIM 11g and I would appreciate some guidance.
    Upon AD account provisionning I want:
    1. create the account and set a random temporary password
    Let the out of box create user be called here and on it's complete and success call up another custom task which will assign the manual task to the support person. Here you can attach email notification as well.
    2. send an email to techies so with the account login and password so they can login as the user and setup his laptop
    3. techies would then acknowledge that their job is doneOnce the techie will complete the manual provisioning task, on it's complete call the change password task.
    4. OIM would reprovision another random password and set the "must change password" flag to true.
    how would you do that? should I heavily customize the AD Create User adapter? how can I interact with SOA to get the acknowledgement? (or where/how could I do that?)You dont need SOA for it as you are just assigning a manual provisioning task and not an approval to the support person. You donot have to cutomize the create user adapter but just customize the provisioning workflow.
    thanks for your help!
    http://docs.oracle.com/cd/E21764_01/doc.1111/e14309/promgt.htm#BCEJHFBF
    http://docs.oracle.com/cd/E21764_01/doc.1111/e14316/auth_selfservice.htm#CACBBJFC
    HTH,
    Bikash

  • Exporting specific user provisioning in 9.3.1

    Hi All,
    I am trying to find a way to export provisioning information to specific users.
    For exampled I d like to export all roles for 5 specific users. Is this possible?
    What would be the export.user.filter parameter?
    Thanks for your help.
    Seb

    Thanks John,
    I cant get it to work for some reason.
    Have you tried converting native users to MSAD??? This is what Im trying to do for a handful of users first.
    I was planning on exporting provisioning data for these few users. However I only seem to be able to export provisioning data for either one user (specify username in properties file) or all of them (user *).
    We have over 500 native users. If I export everything then trimming the file down to only keep these few users is close to impossible.
    Thanks,
    Seb

  • How to Add a single Transaction to Base role of a User in GRC AC 10

    Hello Gurus,
    I would like to know if it is possible to assign a single transaction to a user in his default roles.
    e.g) We have some Users who have been assigned some default roles, and in some case if a user requires authorization only for a one transaction e.g.) FB08 or for the matter any transaction , instead of adding a role containing many other transactions , we would like to assign only this transaction to the user.
    OR
    In other example , if a user sends a missing authorization request i.e. SU53 screenshot , and that only one transaction needs to be assigned , how can it be provisioned to that specific user ?
    Is it possible in GRC AC 10 , by using CUP or BRM ?
    Looking forward for your opnion.
    Regards,
    Victor

    Hello Victor,
    In this case, why don't you create a role including only FB08? You cannot assign a user a transaction, you have to assign a role. This is the authorization concept in SAP.
    Cheers,
    Diego.

  • Balance sheet for company codes

    Hi ,
    Is it possible to get conslidated balance sheet for multiple company codes in ECC6.0 in NEW GL.we are already activated new gl and getting B/S on profit center level under single company code.
    But now we need to split our locations or profit centers as seperate company codes without creating them as legal entities,so we will do intercompany sale transactions where customer orders a product from company A, which doesnt have that product with them, so it will be shipped from Plant of company code B. then customer pays to company A directly and another intercompany  billing will be generated by company code B ,and company code A pay company code B internally.
    My questions is how can we get a consolidated B/S for company code A, company code B or comapny code C?
    Regards
    Shaun

    Hi,
    Using transaction code "F.01" you can draw consolidated balance sheet by selecting company codes to be included in the selection fields.
    Using the same transaction, you can draw individual property balance sheet also.  In this transaction, there is a provision for selecting specific profit center option.
    Sarma Bhamidipati

  • Migration to Shared Services

    Has anyone had much luck migrating security to shared services? Or have you had to just recreate your security in the new system? We're trying to migrate from Hyperion 7.1(Essbase, Analyzer, Intelligence) to Oracle EPM 11G and are running into some issues with groups and provisioning. Nothing specific, I'm just wondering if it would be easierto just recreate our system and if anyone has run into similar issues.

    There is a utility under cssimportexport utility under Hyperion/Commom/Utilities.This should be of some help when migrating users/groups provisioning.

  • Have Eudora, need to import *.mbx files to thunderbird, what directory do

    I'm updating from Eudora 7.1 to Thunderbird because my net provider is changing port numbers and Eudora does not appear to have provision to define specific numbers. My current Eudora has several thousand stored messages in many folders, I want to propagate these messages to Thunderbird.
    Mike

    I've never tried it myself, but it sounds from this article as though it should be fairly automatic: http://kb.mozillazine.org/Importing_from_Eudora_%28Thunderbird%29
    I think it should be possible to try the import and compare the two side-by-side to see how well it worked.
    Let us know how you make out.

  • HELP! A web app is messing with me!

    So I was playing with the web apps on the apple site and saw one for BOA online banking.
    I decided if I could pay my bill here it would be cool.
    Unfortunatly, it is not full functioning yet, all I can do is view my account!
    I've actually forgotton about it, until I tried to access my online BOA banking from iPhone.
    Now everytime I try to go to any Internet BOA online banking it redirects me to the crappy app.
    Even when i enter the web address.
    Ive trurd deleting all web info from phone.
    Help
    thanks

    I've tried the bofa mobile banking it works for me. Hekc, I've even paid a bill using this.
    I suspect u may have entered the information incorrectly when u initially logged in and now the cookie information is saved, it's messing u up. Go to setting-> safari and scroll down. There u'll find a couple of buttons for clearing history and cookies. Clear the cookies and try it again.
    Downside, is any cookies saved for other sites will also be wiped out. There's no provision to delete specific cookies (at least, I don't know of it). Hope it works out for u...

  • Code signing operation failed

    I got a very frastrating broblem suddenly after I refresh my provisioning profile. I can't distribute any project any more. The error message like this when I'm trying to distribute my project as an ad-hoc ipa.
    Code signing operation failed
    Invalid arguments were passed to codesign. Arguments were: --sign fd2f30b26c9b384c635a044aefa90683239a434a --force --preserve-metadata=identifier,entitlements,resource-rules /var/folders/c6/yjp3wvhx2bv34_wpcg4j779c0000gn/T/AD6840D0-4776-4EEF-BFC6-9EBA2A 1188D6-212-0000012034964EA7/TestSigning.app/TestSigning
    It happens for all the projects even for the newly created one. (All those projects have no problems at all before I got this problem.)
    So I did:
    delete all provisions in xcode
    delete all certificate in keychains
    "Refresh" in "Provisioning Profiles"
    download distribution provision for the specific app
    generate the ipa file
    reinstall the xcode
    Unfortunately none of them work. All my projects can still be running in my device or simulate, but I can't distribute it any more. Can anybody suggest? Thank you so much.

    Hi Dude,
    Can you try this two steps?
    Step1: Open  Edit Scheme --> Click on Run 'Appname' in the left menu --> Go to info --> Build configuration into Distribution /release.
    Step2: Go to projects settings --> Info --> Under config --> Use "Distrbution/ release" for command line builds.
    After that clea the project once and try to distribute it.
    May helps.....

  • Provision that MRP is not be considered for specific line item of Sales Ord

    Is their any provision that MRP is not be considered for specific line item of Sales Order in MRP run? (Ex: Planned order is also generated for free/ADC sample quantity entered in Sales order)

    Dear
    Go to Sales and distribution--> Sales --> Sales Documents -->Schedule Lines --> Assign schedule line categories.
    Choose the item category (eg. TAN)  which is coming in the sales order and enter CN - No. Mat. Planning in the the manual schedule line category (MSL Ca) for MRP type PD.
    This will enable you to choose while creating sales order in the Tab procurement column SL Ca.
    Choose CN - No mat.planning for the schedule items which you don;t want MRP.
    Regards
    Soundar

  • CUP - UME to restrict for provisioning country specific roles

    Hi All,
    We have a unique requirement during CUP Implementation. We are implementing CUP for a customer and rolling out to various countries.
    With this scenario we have a single stage workflow which routes through the approval procedure of respective countries. Now that we have a problem where if a user selects another country role and by mistake if it gets approved the user might get a wrong role. [We have different naming convention for diff. country roles and each country has separte roles]
    Is there a way to restrict the country specific users to search only for that particular country role in UME or even if he searches other country role it should not allow the provisioning of a different country role  to that particular user.
    Ex: User A belongs to X country. Roles of X country are starting with X1 ... series. Similary Y country roles are starting with Y1..series.
    Is there a way to restrict User A only to serach and select only roles of X1...series and gets restricted for provisioning to X1..series only.
    Thanks and Best Regards,
    Srihari.K

    Hello Sri,
    You can create country specific business processes and assign the role to the Business Process, Functional Area or Company. By selecting the "country" in the configured field, at least only those applicable roles will show for the user.
    In the user form make such a field mandatory.
    Of course the user could select the wrong country in the field, but this will greatly reduce human error.
    -Dylan

  • When provision to Active Directory, how to create user in a specific OU????

    Hi all,
    I have installed Oracle AD Connector 9.1.
    When I try to provision a user to AD, the user is creating in the Users ou.
    1) How can I create a user inside a specific ou.(other than Users ou)?
    2) How can I add users to AD Groups?
    I have tried to solve this problem by reading the Oracle Connector Documentation. And I already done it for 3 times.(all the steps in that documentation). But, couldn't find any way to solve these problems.
    Also, I tried to read other forums. But, can not solve the problem.
    Please help me.
    Thank you.
    Chaturanga

    Hi,
    Just see the process form.You will see a field name organization.You need to pre- populate this fields as per your logic.Let me know if you have any clarifications.
    Regards
    Nitesh

  • OIM De-provisioning specific time

    Is there a way to set a specific time for a user to be provisioned instead of just the date? Currently users are disabled at midnight on their last day but they still have one full day of work left and we don't want to change their actual end date just the time.

    You could create a delete recon event with a future date set to the minute. Then the jms queue should pick it up when the time hits.
    You could also decompile the deprovisioning schedule task to see if it is checking beyond the day in the query. Rewrite it to check to the minute or second then based on the scheduled task it would pick it up then. If it is checking already, you might want to set a pre-update event handler or entity adapter to append the time to be 11:59 PM to the end date instead of just the day.
    -Kevin

  • Provision Users (create users) in OID at a specific DIT location

    I have the current schema in place right now - (from top to bottom)
    dc=***
    dc=**
    cn=Users
    cn=**********
    I have installed the OID connector and I am able to provision the users successfully in cn=*********,cn=Users,dc=**,dc=***
    Now I want to provision (create users) in cn=*********,ou=people,dc=**,dc=***.
    dc=***
    dc=**
    ou=people
    cn=123456789
    How can I do that?
    These are the Resource Object details:
    Admin Password      *********
    Recon Attribute Lookup Code      AttrName.Recon.Map.OID
    SSL      false
    Port      389
    Root DN      dc=**,dc=***
    CustomizedReconQuery      
    Admin Id      cn=orcladmin,cn=Users,dc=**,dc=***
    Last Target Delete Recon TimeStamp      -
    Last Target Recon TimeStamp      -
    Last Trusted Delete Recon TimeStamp      -
    Server Address      123.456.78.9
    Last Trusted Recon TimeStamp -      
    Prov Attribute Lookup Code      AttrName.Prov.Map.OID
    Use XL Org Structure      false
    I have tried changes in this but was still not able to provision.
    Any clues/ideas? Didn't find anything in documentation.
    Thanks in advance!
    - oidm.

    Thanks for the reply!
    Nopes I have just used normal OID connector provided by Oracle.
    I figured it out.
    You just need to add a lookup value in Organization DN in Resource Object form like Code as "ou=people" and Decode as "people". And you need to pull these values into process form by prepopulate adapter or just put it manually.
    - oidm.

  • Provisioning an user to modify one specific dimension

    Hi,
    is it possible to provision an user to let him modify members on only one dimension?
    Thanks!

    Juan,
    This not possible if you are talking about planning Application. The user should have admin access to change any member property.
    -Tarini

Maybe you are looking for