Rule description
This rule queries the specified SQL data source and updates Active Directory user accounts according to the Action section settings. Accounts are matched between the two systems by anchor attributes.
When to use this rule
Use this rule when you need to perform bulk user account update from HR/ERP/SIS system into Active Directory.
Rule Settings
Query Section
| Setting name | Description |
|---|---|
|
Limit scope to this domain or OU |
This setting defines the search query scope. To improve query performance, limit the scope to specific OU. Important: To test rule configuration, limit the rule scope to an OU that contains test accounts or objects.
|
|
SQL instance
|
Specify the name of the SQL Instance as defined in the Utils Extension SQL Server configuration. Using the Default SQL Instance setting will retrieve the current setting from the SQL Connection settings of the Utils extension. Note: For more information, please see Connecting to Microsoft SQL Server data source article.
|
|
SQL database name |
Specify database name from selected SQL Instance. |
|
SQL table |
Specify SQL Table or View from the selected database. Click the [...] button to display a list of tables from which to choose. |
|
SQL credentials |
Specify the database from the data source SQL Instance. Click the [...] button to enter SQL Credentials. Note: Windows Authentication cannot be used to access a Microsoft SQL Server database. The account must be a Mixed Mode or SQL Account.
|
|
Data Source Filter |
You can use the point-and-click filter builder for the specified data source. Note: If Where Clause is also specified, it will be applied and DataSource Filter will be ignored.
|
| More options | |
|
Return these SQL columns
|
Specify columns returned by the data source. |
|
Where clause |
Define a WHERE statement in the SQL query sent to the data source to limit the rows returned by SQL Server. |
|
Properties to display |
Select properties to display for each object found by the query. |
|
Filter
|
Set the filtering conditions to only return objects or data that need to be processed by the rule. Example: filter by Name column. |
|
Empty field in Data Source |
If the record in SQL column is empty, you can skip updating the attribute or clear its value. |
|
Data Source Anchor attribute |
Defines the column in the Data Source that will be used to determine if the user account already exists. This value is compared to the Active Directory Anchor Attribute. Because user names are likely to have duplicates, some other attribute with a unique value should be used to determine if records read from the Data Source have already been processed. |
|
Active Directory Anchor attribute |
Defines the attribute in the AD to which the Data Source anchor attribute is to be compared. When a user is updated this value also specifies the AD attribute into which the Data Source anchor is written for comparison the next time the rule is executed. |
Action Section
| Setting name | Description |
|---|---|
| Account | |
|
FirstName (GivenName) |
If the Data Source contains a field named FirstName, do nothing. Otherwise, use the Selector button to choose a field from the Data Source. |
|
Initials |
Specify user initials. |
|
Last/SurName (sn) |
If the Data Source contains a field named LastName, do nothing. Otherwise, use the Selector button to choose a field from the Data Source. |
|
Display Name
|
If the Data Source contains fields named FirstName and LastName, choose the desired format do nothing. Otherwise, use the Selector button to select a field from the Data Source or contact Cayosoft for an override format. |
|
Description
|
If the Data Source contains a field name Description, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
|
Settings |
|
|
New Password |
This setting defines the password for the new account. This value can be static text, a field from the Data Source chosen using the Selection button, or set to Generate Random Password Note: Static passwords or passwords from Data Source must meet the Active Directory Password Complexity Policy of the target container, or the account will be created in a disabled state. Randomly Generated Passwords will be generated to match both the Active Directory Password Complexity Policy and additional complexity requirements defined in the Cayosoft Administrator Password Complexity Policy.
|
|
Must change password at next logon Account enabled User cannot change password Password never expires |
These settings enable/disable the standard Active Directory user object settings. |
|
Account Expiration Date |
This setting defines the Account Expiration attribute in Active Directory. In addition to populating this field from the Data Source, a text string can also be manually entered into the field in the format MM/DD/YYYY or YYYY-MM-DD. |
|
Organization |
|
|
Office Job Title (Title) Department Company Employee Number EmployeeID Division |
If the Data Source contains one of these field names, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
|
Manager Identifier |
Use the Selector button to choose a field from the Data Source that is a unique identifier for the user’s manager. Typically this will be the Managers EmployeeNumber or EmployeeID. |
|
AD Attribute for Manager Lookup |
Select an Active Directory attribute that is used to search for the value of the Manager Identifier specified in the field above. |
|
Contact Info |
|
|
Country |
If the Data Source contains a field name Country, do nothing. Otherwise, manually enter a static text value or use the Selector button to choose a field from the Data Source. |
|
Office Phone (telephoneNumber) Mobile Phone (mobile) Street Address City (l) State Postal Code |
If the Data Source contains a field with one of these names, do nothing. Otherwise manually enter a static text value or use the Selector button to choose a field from the Data Source.
|
|
Other Properties |
|
|
Other properties |
Using picker dialog, set a mapping between data source columns and target user properties. |
|
Other properties script |
Data mapping also can be set by the script. If you want every provisioned user to have extension attribute 1 populated with some string value then use this: Note: If you set mapping for the same properties both in Other properties and Other properties script, attribute values will be updated by the script.
|
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
| Version | Notes |
|---|---|
| 9.1.0 | Domain Controller and Credentials settings have been removed. |
| 7.3.0 | Data Source filter is added. |
| 7.2.0 | Other properties setting is added. |
| 6.4.0 | If the record contains empty fields, then overwrite fields with empty values setting is renamed to Empty field in Data Source. |
Comments
0 comments
Please sign in to leave a comment.