Experts,
We're encountering a situation here when we provision to multiple Active Directory groups from a single IDM Role.
The scenario is this:
We have a workflow that has multiple conditional and switch tasks that result in the provisioning of users to Active Directory 2008 (mixed mode) Our workflow uses the provisioning framework and all users have been granted the ONLY privilege for the system.
The workflow will result in adding the users to multiple AD groups sometimes two AD groups that are associated with a single IDM role. The first assignment always works, the second does simply does not occur, no entry in the system or job log although IDM does show that the role has been assigned with an 'OK' status.
We've accomplished a workaround by redesigning the workflow so that only single roles are assigned at a time and using chain result OK links to move from one provisioning activity to another, but frankly, we are unsatisfied with this. IDM should be handling this much better through
I'm wondering if we have a pending value floating out there and we should just be applying the pending value at the end of every AD group add.
Any thoughts on this would be appreciated.
Thanks,
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.