Automatic AD account creation when user gets created in OIM

Similar Messages

• Assign roles automatically when user gets created

  Hello,
  I want to know if there is a way to assign basic roles to all the users in the system when they get created in the back end as well in the portal.
  Thanks in advance.

  Hi Rahul,
  There is no such way to assign automatically basic role to all users. You can go for tool sugested by Alex.
  And also you can check one solution if this works for you  that we have used in Past and proposed by business. In that if the Basic role is like end user role and needed for all portal users.  Then you can create on Template users (Type dialog)  . Then you can create the new users by copying the template user.

• Task Does not get triggered when User is created through API

  Hi,
  Each new user in our OIM environment is supposed to have a iPlanet account. I have configured the access policy for the same and it works.There is also a process task which needs to be triggered once the user is successfully created in the DS. Following is my issue:
  1.When the new user is created through the admin console, the user is provisioned successfully to DS as well because of the access policy and the task also gets triggered successfully.
  2. There is an approval workflow for another resource, at the end of which a user needs to be created through APIs in OIM. The user gets created successfully in OIM and also get provisionined to DS just like in the above use case. However, the task fails in this case. I see that the task is being triggered from the user's resource profile, but the status is rejected.
  Can someone please tell me why is this happening. I initially though there was some issue with my adapter for the task, but in case 1 it works just fine.
  Following is the exception I get as soon as the iPlanet connector finishes creating the user in DS:
  java.lang.ClassCastException: java.lang.String
  at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpSETFIELDSONUSERCREATE.implementation(adpSETFIELDSONUSERCREATE.java:51)
  at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
  Thanks,
  Supreetha

  Hi,
  Have you checked the process data that you are passing to this adapter and check the mapping of process data to the adapter variable. Try to log the value which you get from process data. I got this error when I was trying to use the literal value from process data as "true" for a boolean value. This is a bug. This value is not actually a boolean value. It threw me error too sometimes back. Either you pass the boolean value from adaptor factory as a literal value or change the type boolean both in your code and the adapter.
  OIM works strangely. ;) All the best,
  Manila

• I'm trying to set up a sync account but when I get to the window with the "Create a new account" and "Connect" nothing happens when I push either of the buttons.

  I'm trying to set up a sync account but when I get to the window with the "Create a new account" and "Connect" nothing happens when I push either of the buttons.

  By the way, this is in the brand new Firefox 4, not an extension.

• Extract PO Requisitions when PO gets created

  Hi,
     We have a generic extractor to extract data from EBAN table (PO Requisitions).  However our generic extractor has delta set on ERDAT field which is changed date of PO requistion.  However when a PO gets created from the requisition from R/3 the PO requisition changed on date field i.e. ERDAT doesnt get a new timestamp.
  So we are not able to extract delta's from EBAN table when PO gets created off the requisition.
  Is there any way I can set delta on a different field of the EBAN table or is there some standard extractor which can do the same?
  Thanks

  we cannot create a generic extractor on EBAN table. There are few currency and unit fields, that refer to some other table.so  Its better to createa  view and proceed.
  For creating a view u can check with ABAPer on EBAN, it should be only Database view other views are not supported in Generic extraction
  After creating the view, go to generic extraction (RS02) and create Generic data source and save it.Replicate in BW side, then create DSO(ODS) then create Transformation between Datasource and DSO.
  Note: Generic extraction give after images. So its not recommended directly to the cube because there is no overwirte option in the cube.

• Auto Script which creates SAP Account when AD gets created.

  Hello Experts - Requirement is "Create SAP User account automatically when AD account gets created", can I acheive this through ECATT scripts?
  If this is possible, idea is to create an ECATT script and schedule it to run every night to find all new users on AD and create their account on SAP and lock their accounts.
  Do you think this can be acheived thru ECATT's?
  If not ECATT, is there any way out to acheive my objective. We are planning to reduce overhead for SAP User admins, I was thinking on following steps:
  1) New User request for AD
  2) After approval create AD account
  3) Design a scrip, which will look for all new users on AD and will create & lock them on SAP (Nightly Job or something)
  Your thoughts?
  Your suggestions are much appreciated.
  Thanks.

  Hi Martin,
  I have a customer with 16 million users in SU01. They don't use IdM and don't need it either at the moment.
  I have another customer with 700 users and they are implementing IdM because it makes sense. They need it to reduce complexity.
  There are no IdM license costs, unless you provision non-SAP systems.
  You can skip GRC by using a well designed concept for report RSUSR008_009_NEW if it meets your requirements - particularly the number of systems. It does however have it's limits (per ABAP client) and is not user friendly at first. Also no nice pie-charts for managers, etc.
  Emergency User Access comes in many shapes and sizes... SAP declined a development suggestion from me to improve the "FireFighter" tool so I developed it on my own for my customers using BAPIs and they are happy. The main requiremenent not fullfilled is that the user context changes so that you loose access to HR data, queries, variants, workflow items, purchase orders, etc. The FireFighter users also become obvious targets of attacks and the application users (dialog) need authority to change the FireFighter's passwords to use the application  - which means that they can use RFC to do the same without using the FireFighter transactions / logs / etc.
  Regarding other IdMs, I have experience with some, but documented here on SDN is only the password syncronization problems which Novell suffers from. These "problems" are intentional - or better said --> their own fault for using "hacks"...
  If you search for "Novell" you will find them.
  Cheers,
  Julius

• One fundamental question: When users gets ceated in IDM from trusted recon

  I have a very basic question which I am not able to understand.
  When user accounts gets created in IDM from trusted recon, then the trusted recon resource object is not displayed in resource profile page of the user account. If we want to see whether the user account was created through trusted source or by manually by admin, then where can we see that?
  This information is stored anywhere in IDM DB which will distinguish user accounts created through trusted recon and those created manually in IDM?
  Please let me know if you are not able to understand my question.
  Thanks,
  Kalpana.

  You may be able to use the USR_CREATEBY field in the database. For an admin created user this should contain the USR_KEY value of the admin who created the user. I think for a reconciliation created user it may contain the USR_KEY of the OIMINTERNAL user.

• Want to add one more link in the first screen when user gets into EBP

  Hi All,
  I want to add one more link to the template <b>WELCOME</b> in Internet Service <b>BBPGLOBAL</b>. This is the first screen that the user gets when he logs into EBP.
  The issue is the same screen is different in DEV and TEST environment.
  I verified the code in the template in both systems but they are exactly the same.
  Also, checked the Parameters in the Templates and they too match.
  While going through the code, I found out that MENU_NODE_TAB is used in a repeat loop to verify user has access to the further links.
  But the surprising thing is the code is same in both the systems, but Test evnironment is reflecting the link I want to add in DEV environment.
  Am I missing something??
  Pls let me know.
  Thanks in advance.
  <b>I will reward full points for helpful answers!!</b>
  Regards,
  Sanaa

  Hi,
  In welcome.html there is a ITS code to initialize array with information about transaction (line 87).
  This code is in the loop:
  repeat with idx from 1 to MENU_NODE_TAB-TEXT.dim;
    if( (MENU_NODE_TAB-S_IDENT[idx] == "BBPSC01" && A_GEN_URL<i> == "") ||
        (MENU_NODE_TAB-S_IDENT[idx] == "BBPSC03" && A_GEN_URL<i> == "") || 
        (MENU_NODE_TAB-S_IDENT[idx] == "BBPSC02")                       );
      A_S_IDENT<i>      = MENU_NODE_TAB-S_IDENT[idx];
      A_GEN_URL<i>      = MENU_NODE_TAB-GEN_URL[idx];
      A_OBJECT_ID<i>    = "parent.launchpad.menu.M" & MENU_NODE_TAB-OBJECT_ID[idx] & ".root.name + parent.launchpad.menu.M" & MENU_NODE_TAB-OBJECT_ID[idx] & ".path";
      A_TEXT<i>         = quotFilter(MENU_NODE_TAB-TEXT[idx]);
      A_INTRODUCTION<i> = #WELCOME_SENTENCE6;
      found = 1;
    end;
  end;
  If You want to add this 4 links on begining - extend this array (in line 87):
  <!-- initialize array with information about transaction on startpage -->
  A_S_IDENT[1] = "custom_link1"; A_GEN_URL[1] = "www.google.com"; A_OBJECT_ID[1] = ""; A_TEXT[1] = "google"; A_INTRODUCTION[1] = "google link";
  A_S_IDENT[2] = "custom_link2"; A_GEN_URL[2] = "www.rediffmail.com"; A_OBJECT_ID[2] = ""; A_TEXT[2] = "rediffmail"; A_INTRODUCTION[2] = "redi link";
  A_S_IDENT[3] = "custom_link3"; A_GEN_URL[3] = "www.yahoo.com"; A_OBJECT_ID[3] = ""; A_TEXT[3] = "yahoo"; A_INTRODUCTION[3] = "yahoo link";
  A_S_IDENT[4] = "custom_link4"; A_GEN_URL[4] = "www.greetings.com"; A_OBJECT_ID[4] = ""; A_TEXT[4] = "greets"; A_INTRODUCTION[4] = "greeting link";
  A_S_IDENT[5] = ""; A_GEN_URL[5] = ""; A_OBJECT_ID[5] = ""; A_TEXT[5] = ""; A_INTRODUCTION[5] = "";
  A_S_IDENT[6] = ""; A_GEN_URL[6] = ""; A_OBJECT_ID[6] = ""; A_TEXT[6] = ""; A_INTRODUCTION[6] = "";
  etc.
  <!-- Search for shopping transaction in launchpad -->
  repeat with idx from 5 to MENU_NODE_TAB-TEXT.dim;
  Regards,
  Marcin

• Auto populate account & contact when appointment is create via OEI

  Hi,
  Does any one know if the account name and primary contact is populated in Appointment detail page when it's created via Outlook Email Integration? I thought i have the new contact created in the system and then when I want to create an appointment or task, the account and contact name will be populated. thanks.

  OEI will not create a new contact it will only link to the assoicated contact based on UI Interaction through OEI or based on the email. To Link the Account create a When New Record Saved workflow to joinfield value Primary Contact to Account

• Notification when user gets added or removed from room

  Hello all,
  I need to periodically synchronize the name of the room members with members of a group of a 3rd party application, i.e. each time a user gets added to a room i need to add the same user id to a special group in a 3rd party application (in my case a user group in the bug tracker application JIRA)
  Does anyone know if and how i can get a notification e.g. within a KM service if someone is added to or removed from a group? I can imagine there exists an API how to get the members but this would require me to poll KM to get the room members and i'm pretty sure this won't work well with 10000 rooms
  Best regards
  Dieter

  Hi,
  For notification you need to configure "mail Transport"
  Go to
  System administation -> system configuration -> collaboration -> transport - > mail transport.
  Here you maintain the SMTP server IP address.
  then members will get notification about room.
  Regards,
  Ganesh

• What do i do to get my id account back when i get locked out

  what to do when i get locked out off my account

  This is asked and answered many times every day.
  The forum search bar is on the right side of this page as is the More Like this section

• I have an Apple ID, and shared purchases with my 3 kids devices. Now they want to have their "own accounts" so when they get iTunes gift cards, they can pay for their own things. Can we share these purchases? My household is as follows:

  I have Mac Mini with Lion Server running 10.8.2 and an iPhone 4.
  Wife has iPad 2 and iPhone 4s. (We share Apps)
  Each kid (12 and under) has iPod Touch 4th Gen.
  So far all purchases made under my Apple ID/iTunes ID.
  Is there a way to let the kids have their own account- they get giftcards.... but if I buy an App they can still share it?
  so if Child 1 buys an App, or song, can we all enjoy it, but it's purchased from his 'own' account?

  @survivethestorm.
  Firstly thanks for the blog, I think it has saved me time contacting customer support?  I too am going thru the introduction of several kids devices, along with my wifes, onto the one iTunes account and on one PC computer (currently we have 3 x iPhones, 2 x iPod touches, 2 older iPods and soon to have iPad).  Syncing all devices hasn't been a problem to date as far as music, apps etc but I too have discovered the texting problem you described above, with my sent texts showing on the kids devices, and vice-versa, much to my horror!  It appears this is now only becoming a problem with the later iOS software and/or devices?
  It appears as you have described above, customer support has indicated by creating a separate Apple Account for each person, this fixes the texting problem?  Have there been any issues then with syncing apps, music etc after creating the accounts?  I currently dont use iCloud, I simply sync each device on connection via usb to the computer, and choose what is being synced to each device.  I like to control (at this point anyway) what is actually going on to the kids devices.  Do you know if there is a limit as to how many 'Apple Accounts' can share the one iTunes Library?  I realise the number of devices is unlimited to the one account, but just wondered if the number of Apple Accounts changes things?
  Once an Apple Account has been created for each person, do you then have to share your iTunes Library (Apps, Music etc) or does it do it automatically do so when they log in? 
  Also I presume you don't need credit card details for the Apple Account?  It was a long time ago I set my original one up.
  Sorry for the 'long winded' reply, just very confused and want to make sure I am doing the right thing.
  Many thanks.

• Automate Guest account creation?

  I need to create multiple users for guest wifi (+200) using the Lobby Admin account, is there a way to either create a template, csv file, or any other way to automate this and import it into the WLC as opposed to creating each account individually?

  I don't really know of any way to script it, but using Microsoft Excel with your CSV files, you could quickly create users via the CLI.
  1) SSH into your WLC.
  2) Enter: show wlan summary
  3) Find the WLAN ID of your guest WLAN
  4) Type 'config' to get into config mode.
  5) Prep these commands using excel, one line for each user, fill in the < > with your CSV columns.
  Command:
  netuser add wlan userType guest lifetime description ""
  Example:
  (Cisco Controller) config>netuser add Jimbo 100%Cisco wlan 2 userType guest lifetime 0 description "Jimbo's Guest Account"
  Once you have all your single line commands created in Excel, CLI into your WLC and copy all of your lines of new accounts and simply paste once :) It will quickly create all of your accounts.
  netuser add George 100%Cisco wlan 2 userType guest lifetime 0 description "Guest Account 1"
  netuser add Henry 100%Cisco wlan 2 userType guest lifetime 0 description "Guest Account 2"
  netuser add Suzy 100%Cisco wlan 2 userType guest lifetime 0 description "Guest Account 3"
  It should create them all in a snap.
  Good Luck,
  Lucas

• Assign default content type to any library automactially when site get created or people add the library

  we are on on premise environment, and we have a requirement that when people create a site or a sub site or even when they add a new document library , we want to ensure our custom content type is assigned as default content type to this library.
  the question is that is there any non-full trust solution, i know we probably can do it via feature stapling, or custom site template stuff. but they are NOT considered as we want PLA compliance

  Hi,
  As I understand, you would like to asscoiate a custom content type to a library when the library is created.
  With OOB option, you could try add this content type to an existing library, and save library as template. Then the library template should appear in Your Apps page, that is to say, users can directly create document library based on this template.
  As I tested, new document library created based on this template contains custom content type by default.
  With programatically methods, please refer to the similar threads below:
  https://social.technet.microsoft.com/Forums/en-US/ec9e243b-ea4c-4a46-8780-75a3a5659164/mysite-add-content-type-to-document-library-by-default?forum=sharepointadminprevious
  https://social.technet.microsoft.com/Forums/en-US/e58eb107-daa5-4a51-a139-dca2b1cf8591/set-default-content-type-for-document-libraries-on-a-custom-site-template?forum=sharepointdevelopmentprevious
  Regards,Please
  remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• Is there a way to automate UCxn account creation?

  We're running Unity Connection 9.1 currently.  An issue that has been haunting me for a while is the fact that even though we're LDAP sync'd, there's still no automated way to import accounts.  I'm wondering if anyone has come up with a way (or has seen something third-party) that can help automate this process? 

  Good to know I got that right
  We're just starting to get our hands on the 4 Prime apps, and only the 10.x versions, we didn't handle the previous releases, and won't do it, so, I really cannot compare how much of an improvement there is from the old releases.
  At least from the training and the demos I've seen, I think it's a good first step towards a single interface for all the UC apps, once I get some hands on experience in my lab, I'll be able to comment on what can be done and what can't be done with it.
  HTH
  java
  if this helps, please rate
  www.cisco.com/go/pdihelpdesk