on 02-20-2016 5:59 AM
Hi Team,
I am new to SAP IDM and the requirement is to stop the existing connector from provisioining the users to AD.
Can you pls share some info on this?
Do we need to uninstalling the Connector or Without uninstalling we can stop the provisioning, Please let me know which approach to follow.
Thanks
Harry
Hello,
take away the provision (mx_add_member_task), deprovision (mx_del_member_task) and modify (mx_modify_task) -tasks from the repository by selecting "none".
If you remove the hook tasks the Provisioning Framework will still execure the provision/deprovision/modify workflows and attempt calling the hook tasks.
regards, Tero
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Why not create another task, or tasks, at strategic points in the workflow and let those tasks check a repository constant, or multiple constants, that you control which drive the execution of sections of the workflow, or make it stop or skip sections.
This way you can keep the workflow, but you can selectively control how it executes.
You could then go the whole hog and add some UI constructs on top of that and allow the setting of the constants from the admin UI, or even from other scripted activities that could respond to things in the environment and set the right constants to affect the sequencing of the AD workflow.
I don't know if that is what you need, but the programmer in me thinks its a way to control things:-).
Hi Harry,
Simplest way is disabling the Individual jobs, or unchecking the dispatchers to the jobs which are executing connecting job.
Regards,
Jay
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So when you are saying disabling individual jobs?
As a begineer not having much experience, what my concept over job is to do any transaction like "read the users from source", "provision the users" etc.
In my case, how can i relate the jobs and dispatcher?
know its bit dumb what i am asking......
Hi Matt,
The version is 7.2
Stopping the dispatcher will halt the all systems bcoz we are using same dispatcher for other target systems as well.
The concern is clients want the group provision to work but user provisioning to stop....
i.e " let idm provision groups to AD but should not provision users at all.
Thanks
Harry
Depending on your usecase there are 2 possible ways (i know):
1. Delete hooktasks in the repository. This will prevent all writes on the remote system.
2. Uncheck Dispatcher Assignment like Jaya said. I am not sure if this will add entries to the provisioning queue...
In IdM 8 you have the option to deactivate repositories natively
Greetings, Aydin
Hello Matt,
disabling the task is a good idea, but I think the more flexible way is this one:
Delete references to the provisioning tasks (called hooktasks) in the specific repository (repository constants).
Usecase: You have 3 AD repositories. If you deactivate the AD Connector tasks, provisioning to all 3 repositories will be disabled. Better: Delete the hooktask-references of a specific repository.
Greetings, Aydin
User | Count |
---|---|
83 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.