ADCS Delete user process task

I am very sorry to ask this question to you, But I am helpless here,
Dev team has implemented Provisioning/DeProvisioning process for AD. If user terminated, OIm first disable the user's AD account and after 21 days, its deletes the AD account. I am not able to find, how and when "ADCS delete user" task has been invoked by oim. Can any one please help me to find it out.
Thanks.

There should be a schedule task which runs daily and check for the Termination Date for all these users, if its > 21 days then it must have been manually inserting this task in the user's AD resource profile

Similar Messages

  • How to call OID delete user process task from AD process definition

    Hi All,
    I wanted to call OID delete user process task from AD process def. I have created a process task in AD Process def which will be integrated with OID Delete User adapter. How can i map OID related attributes to the adapter api?
    Expected inputs for OID delete api :
    root DN
    orgDN
    admin pwd
    server
    attr lookupcode
    XLOrgFlag
    sProcessInsKey
    UserID
    PDataOrg
    port
    AdminID
    SSLFlag
    here i cannot map some like : sProcessInsKey
    any pointers would be appreciated.
    Regards,
    Ashok

    OID delete user process task from AD process defWhy don't use call Revoke Resource API ?
    http://otndnld.oracle.co.jp/document/products/id_mgmt/idm_904/doc_cd/javadocs/operations/Thor/API/Operations/tcUserOperationsIntf.html#revokeObject%28long,%20long%29
    Use getObject API
    Iterate through resultset.
    If RONAME == OID User then call revokeObject

  • How to catch rollback in Disable user process task in Xellerat User Process

    hi ...
    I want to send an email to manager group of the user, once the user is disabled from the OIM (when end date is reached). I created an adapter and attached it to the ‘Changed User Disabled’ process task in the ‘xellerate user provisioning’ process and add a new row in the “Lookup.USR_PROCESS_TRIGGERS” Lookup definition. (code key: USR_DISABLED and Decode: Change User Disabled ). This adapter executes only when the user status is equal to “disabled”.
    This works correctly when the OIM user disabling process execute without any errors. But sometimes while disabling the user it gives an error (“resource is not configured properly”) and rolls back everything and make the user active. But at the same time my adapter runs and sends the mail informing user is disabled but yet user is active.
    My problem is how can I find or catch rolls back transaction in the “Disable User” process task (which is in “Xellerate User” process”) ??? If I can get to know that a roll back is occurred then I can send a mail to OIM administrator, informing that user disable process is failed.
    Can someone please help me to find this..
    Thanks in advance :)
    Regards,
    i.k.

    Hi Rajiv,
    Error occurs while disabling the user due to resource configuration problems. ( error message is : DOBJ.RESOURCE_NOTCONFIGURED_PROPERLY -- One or more provisioned resource is not configured properly) In this case i know the problem and how to solve it. But what I want to know is in any case if disable process get fail and if things get roll back again, then how can I track that situation and send a mail to OIM Admin(informing the failure) instead of sending a mail to user managers saying that user account has been disabled.
    I think now my problem is clear…. Can u please help me to find this.
    Regards,
    i.k.

  • Disable Create User Process Task

    Hi,
    I am provisioning resource through code using OIM Client API, however i need to disable "Create User" Process Task so that it does not execute at the time of resource provisioning. We need to produce affect similar to target reconciliation. How can it be disabled?
    UZ

    In the design console, go to respective process definition , go to the Create user task and uncheck the "Required for Completion" box and check the Conditional box.
    Hope this will work.

  • How to disable an out of the box disable User process task  from resource?

    How should I disable the out of the box disable User process task that is assigned to a particular resource? If I disable this disable User process task, when the user is provisioned to the same resource will I be able to stop this disable User process from running?
    My requirement: I need to disable the disable user process task from three resources x, y and z. Whenever a user is provisioned to one of these resources I should stop this disable user process task an out of the box process task from running. How can this be accomplished?? Please help me out on how to configureto remove the process task in the OIM Admin console to stop the process task.

    You can avoid the disable task from triggering by removing the Disable Process Or Access to Application from the task effect drop down in the process task. But this task is triggered once the user is disabled. But still I didn't understand the exact scenario.
    By the way the disable task is triggered when the user gets disabled and not when the user is provisioned.
    Edited by: vindla on Aug 1, 2011 10:26 PM

  • OIM11gR2 - iPlanet Connector - iPlanet Trusted Delete User Recon Task

    Hello All,
    What is the standard OOTB action performed on OIM User when I run the iPlanet Trusted Delete User Recon Task?
    I couldn't tell from the connector documentation below:
    http://docs.oracle.com/cd/E11223_01/doc.904/e10446/using.htm#BABIJCFF
    Does it disable the OIM user?
    Does it delete the OIM user? (soft delete? hard delete?)
    I'm interested in soft delete.
    Thanks
    Adr

    Apologies, My previous post was intended for end date reaching.
    It just deletes the user from OIM. It does not care about end date or disable schedule jobs.
    However, the user status will be set as "deleted".
    http://docs.oracle.com/cd/E11223_01/doc.910/e11197/using_conn.htm#CACGJGGA
    P.S I gave this document for AD (However, it applies to any connector document as it is basic definition of trusted source).
    The basic behaviour and definition of trusted reconciliation is to delete the user identity in OIM if itis deleted in the source system.
    Cheers,
    Tejo.

  • OIM 11g attaching an adapter to the delete user process

    Hi everyone,
    Is there any way to attach
    1. A process task adapter to the Delete User task for the Xellerate User process. Either through creating a new task and linking this task to the Delete User task or modifying the out of the box event handler.
    2. Or an entity adapter to User on pre delete. (from what I understand you can't do this in 11g)
    What I'm trying to do is obscure a user's information in the database before or after they are deleted. I'm trying to avoid event handlers. Any help would be greatly appreciated.

    You should be able to create a pre-process event handler on the User object for action Delete.
    -Kevin

  • Dependency in Xellerate User process task

    I create a process task in xellerate user process and in de dep table create de dependency, to execute before the add user task, but the task never start. I modify to execute before System Validation with the same result.
    The task is not conditional, allow multiple instances and required for termination.
    Why the task don't start, is this normal with oim11g?

    If you are using OIM 11g you may want to look at using an event handler to manage such user process customizations rather than Xellerate user adapters. These are the newest way of handling such customizations on user objects and I think may give you better compatibility going forward. In your case a pre-process handler seems appropriate. Refer to the OIM developers guide for details.

  • Xellerate User Process Tasks

    Hi experts,
    When I see AD user or iPlanet User process definition, it contains tasks for Update attributes (like first name, lastname,telephone...). But when I see Xellerate User Process, it doesn't have it. So how does attributes update happens in OIM? Also, there is nothing in Add User task in Xelerate User. I mean no adapter integration, then how does it go?
    Please explain me or point me to approp. url. Thanks.

    User attibute update via trusted reconciliation .
    What you see in AD Process definition are the task responsible for pushing the info from OIM to AD Target.
    For OIM user , trusted reconciliation should bring in all the updates
    Thanks
    Suren

  • Can we add process tasks to Xellerate User process?

    Hi,
    Can I add a process task- unconditional one to "Xellerate User" process definition?
    I want certain fields to be populated in User Profile Form, when the user is created/updated.
    Please advice

    I could manage to trigger the Xellerate User Process Task and it runs fine, but when trying to update the OIM user field, it throws the below error:
    oracle.iam.platform.authz.exception.AccessDeniedException: You do not have permission to modify the [USR_UDF_IPWD] attributes of the user with user key null.
    at oracle.iam.identity.usermgmt.impl.UserManagerImpl.modify(UserManagerImpl.java:830)
    at oracle.iam.identity.usermgmt.impl.UserManagerImpl.modify(UserManagerImpl.java:971)
    usrManager.modify("User Login",sUserLogin.toString().toUpperCase(), new User(null, usrDetails));
    usDetails hashmap contains the key, value pair which needs to be updated.

  • OIM 11g changing process tasks on Xellerate User

    Hi all,
    I am trying to send an email when an OIM user gets disabled. To do this i would like to set the Notification for the "Disable User" process task on Xellerate User.
    However, any attempted change to the process tasks gives this error:
    The security level for this data item indicates that it cannot be updated.
    Update failed.
    Update failed.
    Adding a post-update event handler doesn't work in 11g anymore as well.
    What would be the suggested way to send emails and fire adapters on changes to the user profile?
    Thanks for your thoughts.

    Hi Kevin,
    I got it working by creating a new process task with task effect: Disables Process Or Access To Application
    That process task had an adapter attached that would send the mail.
    After your comment I went on to experiment with the notifications. Earlier i couldn't get them to be sent, but after creating a new process task (setting the tcCompleteTask handler and the notification) it started sending the emails. And now I don't need the custom adapter anymore.
    Not sure what changed, thanks for your input.

  • Trigger another Process Task after Enable User completed

    I would like to have a process task trigger after the "Enable User" process task successfully completed.
    E.g. Scenario
    A user currently has a disabled resource. When I enable the user, the Enable User process task
    gets called and enables the user. After that I would like to have my custom process task triggered after that.
    I tried adding my custom process task in the Enable User task as a dependent task, but it never gets called.
    Also, I tried adding the custom task to Tasks to Generate but that did not work.
    What am I doing wrong or am I missing a step?

    Instructions:
    Goal: When 1st process task is triggered, the 2nd process task will kickoff.
    1. Select the 1st process task
    2. In the Task Dependency Tab of the 1st process task, add the 2nd process task in the Dependant Task section.
    3. In the Responses Task of the 1st process task, select the SUCCESS response and add the 2nd process task in the Tasks to Generate section.
    IMPORTANT: Each response has its own Task to Generate. So make sure you add to the response you want the 2nd process task to trigger off by.

  • Unable to set the Process Task configuration

    Hi All,
    I have AD Process where in there is a duplicate task customized for adding group to the user. Now, I am unable to delete the process task.
    Also, the columns - Table name "UD_ADUSRC" is selected in CHILD TABLE column and "insert" is selected in TRIGGERTYPE.
    How can I de-select the above? This will ensure that the task is not triggered when we try to add the group in the child table.
    Please help

    You cannot delete a task once added. Workaround is to mark it conditional and attach the 'tcCompleteTask' adapter to it.
    Or, take export of it and remove it from the xml, De-Install the connector (if on 11g)/revert the database and re-import the xml.
    HTH,
    BB

  • Remove Unused Process Tasks from Process Definition for Export

    Hi Everyone,
    I am trying to delete a process task that is no longer used in the process definition of our resource; however, I get an error indicating the "The task cannot be deleted it has schedule items". I would like to export the connector without this particular process task. Can anyone please provide any suggestions on how I can do this? Any inputs will be highly appreciated.
    Many thanks,
    Wendell

    Hi,
    As per my knowledge you cannot delete a process task, if the associated resource object has been provisioned to a user and the task which you wants to delete has been executed atleast once.
    But you can very well delete a newly created process task with which no user has been provisioned.
    Having said this, the workaround for your problem will be as follows.
    1.Remove all the adapters,task dependecies,status mapping,etc from the task (in current env)and make sure that it doesn't get invoked in any scenario.
    2.Now export this process definition to the new environment and before provisioning any user to that specified resource object , delete all the unwanted process task and save the process task.
    Hope this will solve your problem
    Regards,
    NS

  • Customize Process Task notification

    Our goal is to send a notification to group of users (members of a Role) when a Siebel Account is successfully created.
    To accomplish this task we used the legacy feature of OIM to send notification by doing the following:
    - create a custom Email Definition of Type = "Provisioning Related" using OIM Design Console - Process Management - Email Definition
    - add the above Email Definition to the provisioning task using OIM Design Console - Process Management - Process Definition - Siebel Process - Tasks - Create User - Notification
    This works as expected except the following issues:
    1. the Email Definition contains more than one field of type Date that are shown in English format (e.g. June 8, 2012) we would like to parse date values in a different format (e.g 2012-06-08).
    We have already tried to change the Email Definition attributes Language/Region from values "en/US" to "it/IT" but the notification stops to be sent until we rollback to original values "en/US"; is this a know bug or a miss configuration?
    In any case, is the Language/Region related to the date format?
    2. some attribute values in the Email Definition should be "transformed"
    Any suggestion how solve the above issues?
    As a workaround we coded a Java Plugin that sends email notifications (in this case we are able to write the email content as we want) and trigger this Plugin by an Event Handler but only for events related to the OIM User (CRETE/MODIFY/DELETE/etc..); we have no idea how trigger the same Plugin/Event Handler for the Siebel Account events. Is it possible? How?
    Thanks and regards,
    Gabriele.

    To "trigger the notification task (new task) upon Sucess response code of Siebel create user task" you mean:
    - create a Java Plugin with all the code needed to create and send the email notification?
    - create an Adapter of type Process Task that triggers the above Java Plugin passing all the required variables?
    - create a new Process Task that trigger the above Adapter and maps all the defined variables?
    - finally, set the above Process Task as of the original Create User Process Task?
    Is this correct? Did I miss some steps? Did you tried it?
    Thanks,
    Gabriele.

Maybe you are looking for