Rule description
This rule queries the specified Active Directory scope and for each user in this scope finds a record with the same anchor in Oracle Database and updates this record with attribute values that are specified in the Attribute mapping setting.
When to use this rule
Use this rule when you need to write certain Active Directory user attributes back to the Oracle Database.
For example, you can write back to an HR/ERP/SIS system whether the user was provisioned to Active Directory and, if so, the samAccountName, email address and UserPrincipalName generated for that user.
Rule Settings
Query Section
Setting name | Description |
---|---|
Limit scope to this domain or OU | This setting defines the search query scope. To improve query performance, limit the scope to a specific OU. Important: To test the rule configuration, limit the rule scope to an OU that contains test accounts or objects. |
Query criteria | Query criteria are sent with the query and may improve query performance. Tip: For various criteria builder samples, see KB20180410-1. |
Active Directory anchor attribute | Defines the attribute in Active Directory to which the Data Source anchor attribute is compared. |
Data Source Anchor attribute | Defines the column in the Data Source that is used to determine whether the user account already exists. This value is compared to the Active Directory anchor attribute. |
Other Query Settings | |
Properties to display | Select properties to display for each object found by the query. |
System Properties | List of properties required for this rule to be executed correctly. |
Filter | Set the filtering conditions to return only the objects or data that need to be processed by the rule. Example: filter by Name column. |
Sort by | Sort the result object list. |
Initialization script | Usually, rules use query criteria to limit the query search scope, which improves the performance of the executed rule. Due to PowerShell limitations, calculated expressions cannot be used in query criteria. This is where the initialization script can help: you can initialize a global variable in this setting and then use it in query criteria. Important: To use a variable declared in the initialization script in the query scope, it must be global: $global:<variable name>. Example: Update AD users created in the last ten days. {$global:DatePeriod = (Get-Date).AddDays(-10)} |
Database Connection Settings | |
Hostname | Specify the Oracle server hostname (or its IP address) to which Cayosoft Administrator will connect. Note: for more information, see the Connecting to Oracle Database article. |
Service name | Specify the Oracle database service name. |
Port | Specify the Oracle SQL*Net Listener port number; the default is 1521. |
Table | Specify a Table or View from the selected database. Click the Selector button to display a list of tables from which to choose. |
Credentials | Specify the Oracle user account name and password. |
Action Section
Setting name | Description |
---|---|
Attribute mapping | Map Active Directory user attributes whose values must be written back to matching database table columns. |
Other Properties | |
Other Properties | If you need every updated user record in the database to have the value of extensionAttribute1 in Column 1, use this script: {@{'Column1'=$FoundObject.extensionAttribute1;}} Important: If the script uses Active Directory attributes that are not specified in Properties to display or in Active Directory anchor attribute, you need to add these attributes to System Properties. |
Output Section
This section defines the output format of this rule.
To get more information about this section, please see the Output section article.
Enforce/Schedule section
This section defines the schedule for how often to run the rule.
To get more information about this section, please see the Enforce/Schedule section article.
Change History
Version | Notes |
---|---|
6.4.0 | The rule is introduced in the product. |