objectGUID as matching attribute for reconciliation between AD and IdM

Hello together,

I want to use the AD attribute objectGUID as matching attribute between AD and IdM. It is one of the attributes which will never be changed (in case of name changes of a person or similar changes).

Our IdM can read this attribute and save it (with the help of a JavaScript). This works fine.

But if I want to write something back to AD, I do not know how the "To LDAP directory" pass must be configured. I always get the error that the account cannot be found in the AD. Maybe the attribute must be changed with a JavaScript ...

Has anyone already used this attribute?

Thanks!

BR

Michael

replied

Michael, I have done this many times in pretty much the same way you have indicated.  While DN is good for basic LDAP / AD operations, ObjectGUID is preferred for ModRDN operations or if you want to change the user's DN.  I have written about these operations in a blog, Using modRDN with SAP NW IDM.

Hope it helps!

Regards,

Matt
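
The following is an added example, not code from this thread or from SAP IdM. Active Directory stores objectGUID as 16 bytes with the first three fields little-endian, so the value has to be converted before it can be used to locate an entry: either as an escaped search filter that returns the entry's current DN, or as AD's alternative `<GUID=...>` DN form. It assumes the stored value is the raw attribute as a 32-character hex string; the function names are hypothetical, and whether a "To LDAP directory" pass accepts the `<GUID=...>` form as a DN is not confirmed on this page.

```javascript
// Added example: objectGUID conversion helpers (hypothetical names).
// Assumption: the identity store holds the raw objectGUID bytes as hex text.

// Parse 32 hex characters (bytes in the order AD stores them) into an array.
function hexToBytes(hex) {
  var clean = String(hex).replace(/\s+/g, "");
  if (!/^[0-9a-fA-F]{32}$/.test(clean)) {
    throw new Error("objectGUID must be exactly 16 bytes (32 hex characters)");
  }
  var bytes = [];
  for (var i = 0; i < 32; i += 2) {
    bytes.push(parseInt(clean.slice(i, i + 2), 16));
  }
  return bytes;
}

function toHex(b) {
  return (b < 16 ? "0" : "") + b.toString(16);
}

// Raw bytes -> dashed string as AD tools display it.
// Fields 1-3 (4, 2, 2 bytes) are byte-swapped; the last 8 bytes keep their order.
function guidBytesToString(bytes) {
  var order = [3, 2, 1, 0, -1, 5, 4, -1, 7, 6, -1, 8, 9, -1,
               10, 11, 12, 13, 14, 15];
  return order.map(function (i) {
    return i < 0 ? "-" : toHex(bytes[i]);
  }).join("");
}

// Raw bytes -> RFC 4515 search filter; every byte is escaped as \xx so the
// binary value survives as filter text. Use it to look up the current DN.
function guidBytesToFilter(bytes) {
  return "(objectGUID=" + bytes.map(function (b) {
    return "\\" + toHex(b);
  }).join("") + ")";
}

// Raw bytes -> AD alternative DN form, which resolves to the entry even
// after a rename or move.
function guidBytesToGuidDn(bytes) {
  return "<GUID=" + guidBytesToString(bytes) + ">";
}

// Constructed sample value, not a real account.
var SAMPLE_GUID_HEX = "00112233445566778899aabbccddeeff";
```

A match that fails with "account not found" is often a byte-order problem: comparing the dashed string against the raw hex without the swap in the first three fields never matches.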
