Deleting users using GTC - CSV connector

Similar Messages

• How to reconcile deleted users with GTC

  Hi all,
  I'm wandering wich is the best approach to perform reconciliation of deleted users using GTC connector. (It doesn't concile it by default, does it?).
  I don't know if it's a bad idea to mark the deletion in the target table row (setting a value in a column) and revoke the user through an Entity Adapter. Should it be better to develop a custom Scheduled Task for this?
  Any tip will be considered!
  Thanks in advance,

  Hi,
  Yes I run both Schedule task as "time-programmed" . I usually run creation task first and then it is followed by delete recon task.
  I am not fully understanding what do you mean by starting GTC generated task automatically? Please give me more insight before I comment on this.
  For delete recon you need to do following
  HashMap userValues[];
  userValues = null;
  userValues=createDeleteHashMap(results);
  Set deletedAcc = reconUtil.provideDeletionDetectionData(resourceObject, userValues);
  missingUser = reconUtil.getMissingAccounts(resourceObject, deletedAcc);
  long reconEvent[] = reconUtil.deleteDetectedAccounts(missingUser);
  Here userValues is array of Hashmap which have all the non revoked user.
  So your steps should be.
  1.Query the table wich store all active users and store them in an array of hashmap
  2.Pass it to provideDeletionDetectionData method.
  3.pass step 2 result set to getMissingAccounts method.
  4.Pass step 3 result set to deleteDetectedAccounts.
  Alternatively you do following.If in your query you can find out which user is deleted and if you are oim9.1 then follow these steps.
  1.Query the table and get revoked/deleted user and store then in a hashmap.
  2.Use createDeleteReconciliationEvent(java.lang.String psObjName, java.util.Map poAttributeList) to create the delete reconciliation event.
  First approach is bit risky because if somehow in your table or view all the record are delete or revoked or by any error GTC connector did not find any record then it will revoked all the user from OIM which can lead to disaster as you are doing trusted recon.
  Please let me know if you have any more questions.
  Regards
  Nitesh

• How can I o create, modify or delete users using OIM 11g web services?

  Hi,
  I have a requirement to create, modify or delete users using OIM 11g web services.
  The end users will be signing on to the online application, a user interface to request ids online. The user interface is the home grown application to request ids.
  I want to integrate this user interface with OIM 11g. I generated the java classes using the out of the box wsdl file as mentioned in the Developer’s Guide for Oracle Identity Manager 11g. But I need to know how to create users using web server client from a given wsdl file? Is there a sample web service client program to create a user in OIM?
  If you know of any document which I can follow or if you can give any details I really appreciate.
  Thanks and Regards,
  Viraf

  Hi Chong,
  Were you able to figure out the approach? I am facing the same issue like this. I have created a web service where the input values are no. of days to extend user's end date and user's employee ID. Output will be true or false. But I am getting error while searching user in OIM DB. I think my web service is not to query OIM DB
  Please let me know if you have worked on this senario.
  Thanks,
  Kalpana.

• Creating and deleting users using AM Client SDK

  Hi,
  I was wondering if anyone could tell me how to create and/or delete users from Access Manager from a standalone application using the AM Client SDK? From what I have read this can be done using the AMStoreConnection class but I can't find any examples on how to use this class to add and delete users. The only examples I have found is how to retrieve data from AM. I need to keep AM and the underlying directory server in sync with another identity datastore so I need to build a process in Java to do this. Any help is appreciated.
  Thanks
  -Jeff

  Lets assume we have a HR system and the user has got deleted in the system, the HR system drop a CSV file to a specified location with the details of the user to be deleted from the IDM system . Now the CSV GTC connector would need to read the record and delete the user .
  This can be done , I have done this using API calls , but i assume that there would be someway of doing this using the OOB GTC .I think we need to set the correct value for the status field to do this ..
  I am not sure what status to set.

• Steps for re-using the same user id of a deleted user in OIM 11g ?

  Hello experts,
  By Default, in OIM 11.1.1.5.0 it is not allowing to re-use the same user id of a deleted user.
  Consider a user with user id as "ABCD1234". The user is deleted from OIM and it is not getting displayed in the user search. But in DB we could see that user details with "Deleted" status. Say accidently this hard delete has happened .
  How do we create that user again with same user id ?
  What is recommended for such scenario ?
  Thanks,
  DK

  I suggest disable the unique index instead of dropping it using ALTER INDEX <INDEX_NAME> DISABLE command.
  Better way to handle this do below
  1. disable index
  2. update usr_login for deleted user using sql query eg. xx|usr_login and commit it ( update usr set usr_login='xx'|| usr_login where upper(usr_status)='DELETED')
  3. enable your index
  4. now login to OIM and easily you can create user with the previous user login
  In this case your Index is still enbaled so it won't hamper the performancem, because this index is being used in various places for user search.
  NOTE: disable any other constraints if required. But, I don't think so. Just disabling unique index will allow you to update"
  --nayan                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

• Reconciliation of User's Manager Field using GTC

  Hi,
  Could anyone suggest how to manage the reconciliation of Manager field of users using GTC.
  As for the first trusted reconciliation of users , the manager value coming from the source would not exist in OIM, so if we map the manager field of source with manager field in OIM, it would fail, as the manager user doesn't yet exist in OIM. How can we implement this.
  Regards

  Hi Rajiv,
  Thanks for your response.
  We have configured our GTC with the manager attribute mapped as well, in the sense, there are race conditions, manager user might not exist while OIM is reconciling and trying to create a user.
  So, the recon event comes as Data Validation Failed. But eventually the users will be created and this Retry Failed Recon Events ST, which is OOTB will slowly resolve all the users as and when the users are created in OIM.
  What happening is :- when i am running this Retry Failed Recon Events ST (as there are lots of failed recon events), OIM is crashing after every half n hour.
  What i could see in logs is below:- Is this somehow related to CPU usage and Memory???
  at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:43)
  at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:43)
  at oracle.iam.reconciliation.scheduledtasks.ReconRetrySchedulerTask.process(ReconRetrySchedulerTask.java:43)
  >
  /u01/oracle/admin/OIMDomain/mserver/OIMDomain/bin/startWebLogic.sh: line 180: 19488 Segmentation fault (core dumped) ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} -Dweblogic.Name=${SERVER_NAME} -Djava.se
  curity.policy=${WL_HOME}/server/lib/weblogic.policy ${JAVA_OPTIONS} ${PROXY_SETTINGS} ${SERVER_CLASS}
  <FINEST> <NodeManager> <Waiting for the process to die: 19417>
  <INFO> <NodeManager> <Server failed so attempting to restart (restart count = 1)>
  <INFO> <NodeManager> <Starting WebLogic server with command line: /u01/oracle/admin/OIMDomain/mserver/OIMDomain/bin/startWebLogic.sh >
  <FINEST> <NodeManager> <Environment: TERM=xterm>
  <FINEST> <NodeManager> <Environment: JAVA_HOME=/u01/oracle/product/fmw/11.1.2/jdk1.6.0_30>
  Any Suggestions???
  Thanks

• Deleted users are not really "deleted" !

  Hello all !
  I'm writing an java application to create/read/update/delete users using the GRAPH API. All is going well except one particular use case : If I delete a user, and then later try to create again the same user, I get the following error : "A conflicting
  object with one or more of the specified property values is present in the directory"
  The detailled use case for one user is :
  - Create user with (userPrincipalName, displayName, accountEnabled, mailNickname, password, forceChangePasswordNextLogin properties) : OK
  - Query this user to read  his properties: OK
  - Delete this user : OK
  - Query this user to read his properties : the user does not exist : OK
  - Create the user with same properties than first step : Not OK ("A conflicting object with one or more of the specified property values is present in the directory")
  It should be noted that this error is returned more and more as I repeat these steps.
  What is the problem and what can I do ?
  Thanks in advance.

  I am able to successfully add and remove the same user using the Azure Portal and via code.
  Are you sure the user is actually being deleted?
  Have you verified if you are able to see the deleted user in the Azure Portal after you delete it?
  I used the code within the Graph API Console Application ( AzureADSamples/ConsoleApp-GraphAPI-DotNet
  - https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet- "create a new user" region and "Delete User" region).  I was able to create the same user and
  delete the user multiple times without any errors. 
  Here is another thing you could verify.  Is you application a member of the "User Account Administrator" role?  You can utilize the MSOL cmdlets ( Manage Azure AD using Windows PowerShell -https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx )
  to add your application to this role (add-msolrolemember -RoleName "User Account Administrator" -RoleMemberType ServicePrincipal -Rolememberobjectid <object GUID for application> )
  If your application is under  the correct "User Account Administrator" role, it should not have any problems doing this task.  I would verify.
   If you are still having a problem.  You might need to open a support case via the Azure Portal.  I hope this resolves your issue.
  ~ Michael

• PowerShell Active Directory: Get last logon date of a deleted user

  So, my first post in this noble community. I've been lurking here and I've been getting some good information. Hopefully, you guys can help me in this concern which may be simple to some but I couldn't seem to get around it.
  Is it possible to get the last logon date of a DELETED user in Active Directory?
  I can get the available properties of deleted users using the following:
  Get-ADObject -Filter {samaccountname -eq <account_name> -and ObjectClass -eq "user"} -IncludeDeletedObjects -Properties *
  But the last logon date is not one of the properties available from Get-ADObject. Get-ADUser has the last logon property, but it does not have data on deleted users. Is there anyway this can be achieved? Perhaps convert an ADObject to an ADUser?
  Any information would be much appreciated. Thank you.

  Thanks everyone for your response. It looks like jrv is leading me to the right path, but I'm still having issues. I'm trying to get the lastlogon time by querying all the DCs in our domain, but every query returns a null lastlogon time for all the deleted
  users I tried:
  $DomainControllers = ((Get-ADForest).Domains | %{ Get-ADDomainController -Filter * -Server $_ }).Name
  foreach ($DC in $DomainControllers)
      $dn=(Get-ADObject -Filter {samaccountname -eq <user_account>} -includedeletedobjects -server $DC).DistinguishedName
      $user=[adsi]"LDAP://$dn"
      $user.LastLogon
  It always returns null. Morever, simply executing [adsi]"LDAP://$dn" from each DC gives the following error:
  format-default : The following exception occurred while retrieving member
  "distinguishedName": "There is no such object on the server.
      + CategoryInfo          : NotSpecified: (:) [format-default], ExtendedType
     SystemException
      + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Comm
     ands.FormatDefaultCommand
  It's a bit surprising to me though, since $user=[adsi]"LDAP://$dn" does return a value for $user (instead of null whenever an error is encountered) of type System.DirectoryServices.DirectoryEntry but it has no members.
  Anyone know what I'm missing?

• Deleted User Full Name

  Hi,
  I could get past histroy of deleted user using SUIM using user SAP_ID.
  But I need FULL Name ( First, Middle and Last ) of the user id I am looking for.
  Is there anyway to the full name as it was in User master record after deletion?
  Thanks,
  Sam

  Hi Sam,
  Try this thing out. Recreate the user id in SU01. You will get the message that Address Data for the user id already exisits. Do you want to continue. Go for this option and user id address data will be automatically filled. Here you can find his full name.
  Please award points for useful answers.
  Regards.
  Ruchit.

• Sg300 delete user via cli

  Hello.
  Hi,
  I like to delete users using cli commands. My firmware is 1.4.0.88.
  My thinking was something like: <username admin delete> should work but doesnt. What am I doing wrong?
  -fuz

  Hi Fuz,
  Try "no" form of this such as "no username fuz" and enjoy CLI :-) 
  http://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/CLI_300.pdf
  Aleksandra

• Problem with using GTC connector

  Hi All,
  we are using data base table connector for the trusted recon from oracle database to oim. I have an entity adapter which i attached to the pre-insert updates the Organization depends on the attribute. This is working fine when i do the first time recon , the organization is updating properly. But if i updates any field in the database and reconcile, the Organization is updating as Xellerate Users.The old value is wiped out.
  How can i solve this problem.
  Is this solved by using attaching the adapter to the post-update also.
  Thanks,
  KK

  Are you using GTC connector for this ?
  I think you connector is brining Organization as Xellerate Users but at pre insert you are updating it with your org name.
  But on updating you haven't put your entity adapter i.e. on Pre Update that's why it is updating org as Xellerate Users. Put your adapter on pre update too.

• OIM11gR2 - iPlanet Connector - iPlanet Trusted Delete User Recon Task

  Hello All,
  What is the standard OOTB action performed on OIM User when I run the iPlanet Trusted Delete User Recon Task?
  I couldn't tell from the connector documentation below:
  http://docs.oracle.com/cd/E11223_01/doc.904/e10446/using.htm#BABIJCFF
  Does it disable the OIM user?
  Does it delete the OIM user? (soft delete? hard delete?)
  I'm interested in soft delete.
  Thanks
  Adr

  Apologies, My previous post was intended for end date reaching.
  It just deletes the user from OIM. It does not care about end date or disable schedule jobs.
  However, the user status will be set as "deleted".
  http://docs.oracle.com/cd/E11223_01/doc.910/e11197/using_conn.htm#CACGJGGA
  P.S I gave this document for AD (However, it applies to any connector document as it is basic definition of trusted source).
  The basic behaviour and definition of trusted reconciliation is to delete the user identity in OIM if itis deleted in the source system.
  Cheers,
  Tejo.

• Delete oimGroup membership of the oim user using Script (oim 9.1).

  Hi All,
  I want to remove oim users' particular oim group membership, Is there any problem, if I use the following script to delete user group information from USg table?
  delete from usg where usr_key in (select usr_key from usr where usr_login in ('xxx','yyy')) and ugp_key=31
  Note: In our case, No policies,membershiprules are assigned to this oim group (we defined gruops only) and env is oim 9.1.
  Can any one confirm this. Or if there is nay problem, please let us know.
  Thanks.
  Edited by: user13285646 on Jul 28, 2011 11:01 PM

  Thanks Rajiv.

• Importing new users with plain text password using a csv file does not work

  Hello everyone,
  I am using csvde -i -f filename to import a number of users and their plain text passwords but it seems
  that the "Password" parameter in my csv file is not recognized.
  PS D:\csvfiles> csvde -i -f .\testimport.csv
  Connecting to "(null)"
  Logging in as current user using SSPI
  Importing directory from file ".\testimport.csv"
  Loading entries.
  Add error on line 2: No Such Attribute
  The server side error is "The parameter is incorrect."
  0 entries modified successfully.
  An error has occurred in the program
  No log files were written.  In order to generate a log file, please
  specify the log file path via the -j option.
  I'm probably doing something wrong but I can not see it. If you know what that is please let me know.
  Many thanks

  I suggested LDIFDE.exe or you can use the following PowerShell script to import your CSV file, if you have the Active Directory PowerShell Module installed:
  http://gallery.technet.microsoft.com/scriptcenter/ed20b349-9758-4c70-adc0-19c5acfcae45
  Enfo Zipper
  Christoffer Andersson – Principal Advisor
  http://blogs.chrisse.se - Directory Services Blog

• Deleting portal users using APIs

  Hi
  We are deleting users from portal through a java class using
  JBDC( using prepareCall and executeUpdate) . We can successfully
  delete the user from the login server using the procedure
  PORTAL30_SSO.WWSSO_API_USER_ADMIN.DELETE_USER(). However, when
  we try to delete the user from portal30 using
  PORTAL30.WWSEC_API.DELETE_PORTAL_USER()
  we get the following errors
  ERROR at line 1:
  ORA-01086: savepoint 'DELETEUSER_SAVEPOINT' never established
  ORA-06512: at "PORTAL30.WWSEC_API", line 1471
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30.WWCTX_SSO", line 849
  ORA-06510: PL/SQL: unhandled user-defined exception
  ORA-06512: at "PORTAL30.WWCTX_SSO", line 669
  ORA-06502: PL/SQL: numeric or value error
  ORA-06512: at line 1
  We can run the delete_portal_user procedure successfully as
  portal30(the owner of the portal30 schema). But when we try to
  delete a user as another dba user, we get the error shown above.
  This user has full sysdba priveleges on the portal30 schema. The
  workaround is to create another database connection in the Java
  class for the portal30 user. However they prefer to run it
  as the dba who have created the user but not as portal30.
  I checked in the JPDK documentation but there is no API to delete
  users.
  Any help is greatly appreciated.
  Many Thanks
  Raja

  I get the same thing would any answer this question please ?