Rule description
This rule queries the specified text file data source that is in a comma-separated variable format (CSV) and updates user accounts according to the Action section settings.
When to use this rule
Use this rule when you need to perform bulk user account update from HR/ERP/SIS system into Active Directory.
This rule requires a source text file in the comma-separated variable format (CSV). You can use the template CSV file provided with the rule, or create a file in Microsoft Excel and export as CSV.
To use a template CSV file:
- In the Query section, click the [...] button next to Select Data Source setting
-
Open Templates folder
-
Select AD Users Template CSV file
-
Click Open
The Query's source text file requires the following CSV (comma-separated value) format:
FirstName,LastName,Description,EmailAddress
Joe,Smith,test user,joe@domain.com
Kelly,Jones,test user,kelly@domain.com
Rule Settings
Query Section
Setting name | Description |
---|---|
Select Data Source |
Specifies the text file to be imported. The […] button allows the user to browse for the file and the Create/Edit button allows the creation or editing of the existing file in the built-in Data Source editor. |
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU.
Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
Data Source Anchor attribute |
Defines the column in the Data Source that will be used to determine if the user account already exists. This value is compared to the Active Directory Anchor Attribute. Because user names are likely to have duplicates, some other attribute with a unique value should be used to determine if records read from the Data Source have already been processed. |
Active Directory Anchor attribute |
Defines the attribute in the AD to which the Data Source anchor attribute is to be compared. When a user is updated this value also specifies the AD attribute into which the Data Source anchor is written for comparison the next time the rule is executed.
Note: If the Active Directory attribute you wish to use as the Active Directory Anchor attribute is not displayed, you can enter the LDAP name of the attribute in the field. The attribute must be flagged as searchable (https://msdn.microsoft.com/en-us/library/ms679765(v=vs.85).aspx) within Active Directory. To determine if the attribute is flagged as searchable you can use ADSI Edit to view the Schema Objects container and examine the attribute’s searchFlags property.
|
More Options |
|
Filter CSV Data |
This setting specifies the filter that can remove data rows from the imported text file that satisfy the specific condition. |
Properties to display |
To display additional properties for each object found by the query, add those properties to the list. |
Filter |
To hide unwanted data based on criteria, not supported by Active Directory query, set the filtering conditions here. Example: filter by the found object Distinguished Name. |
Empty field in Data Source |
If the record in the CSV file column is empty, you can skip updating the attribute or clear its value. |
Action Section
Setting name | Description |
---|---|
Update method |
Specify the method to update AD Users properties:
|
Simplified output | When set to 'Yes', the output will show user attribute values as they were queried. When set to 'No', values will be required and verified after updating them to show true end values in the output. This will decrease rule performance for large datasets. |
Account | |
FirstName (GivenName) |
If the Data Source contains a field named FirstName, do nothing. Otherwise, use the Selector button to choose a field from the Data Source. |
Initials |
Specify user initials. |
Last/SurName (sn) |
If the Data Source contains a field named LastName, do nothing. Otherwise, use the Selector button to choose a field from the Data Source. |
Display Name
|
If the Data Source contains fields named FirstName and LastName, choose the desired format do nothing. Otherwise, use the Selector button to select a field from the Data Source or contact Cayosoft for an override format. |
Description
|
If the Data Source contains a field name Description, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
Settings |
|
New Password |
This setting defines the password for the new account. This value can be static text, a field from the Data Source chosen using the Selection button, or set to Generate Random Password
Note: Static passwords or passwords from Data Source must meet the Active Directory Password Complexity Policy of the target container, or the account will be created in a disabled state. Randomly Generated Passwords will be generated to match both the Active Directory Password Complexity Policy and additional complexity requirements defined in the Cayosoft Administrator Password Complexity Policy.
|
Must change password at next logon Account enabled User cannot change password Password never expires |
These settings enable/disable the standard Active Directory user object settings. |
Account Expiration Date |
This setting defines the Account Expiration attribute in Active Directory. In addition to populating this field from the Data Source, a text string can also be manually entered into the field in the format MM/DD/YYYY or YYYY-MM-DD. |
Organization |
|
Office Job Title (Title) Department Company Employee Number EmployeeID Division |
If the Data Source contains one of these field names, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
Manager Identifier |
Use the Selector button to choose a field from the Data Source that is a unique identifier for the user’s manager. Typically this will be the Managers EmployeeNumber or EmployeeID. |
AD Attribute for Manager Lookup |
Select an Active Directory attribute that is used to search for the value of the Manager Identifier specified in the field above. |
Contact Info |
|
Country |
If the Data Source contains a field name Country, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. The country/region should be represented as a 2-character code based on ISO-3166. |
Office Phone (telephoneNumber) Mobile Phone (mobile) Street Address City (l) State Postal Code |
If the Data Source contains a field with one of these names, do nothing. Otherwise manually enter a static text value or use the Selector button to choose a field from the Data Source.
|
Other Properties |
|
Other properties |
Using picker dialog, set a mapping between data source columns and target user properties. |
Other properties script |
Data mapping also can be set by the script. If you want every provisioned user to have extension attribute 1 populated with some string value then use this:
Note: If you set mapping for the same properties both in Other properties and Other properties script, attribute values will be updated by the script.
|
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
11.3.0 | Update method and Simplified output settings have been added. |
9.1.0 | Domain Controller and Credentials settings have been removed. |
7.2.0 | Other properties setting is added. |
6.4.0 | If the record contains empty fields, then overwrite fields with empty values setting is renamed to Empty field in Data Source. |
5.4.0 | The rule is supplied with the pre-built CSV file template, which is selected by default when you create a new rule. |
Comments
0 comments
Please sign in to leave a comment.