As per the One Identity Manager Connector User Guide
, to prevent this, provisioning can be configured such that only the changed membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.
To allow separate provisioning of memberships
1. Start the Manager.
2. Select the category Data Synchronization | Basic configuration data | Target system types
3. Select the target system type in the result list, e.g. Active Directory.
4. Select the task Configure tables for publishing
5. Select the assignment tables for which you want to allow separate provisioning. Multi-select is possible.
- The option can only be set for assignment table whose base table has a column XDateSubItem.
- Assignment tables, which are grouped together in a virtual schema property in the mapping, must be labeled identically (For example ADSAccountInADSGroup, ADSGroupInADSGroup and ADSMachineInADSGroup).
6. Click Enable merging
7. Save the changes.
For each assignment table labeled like this, the changes made in the One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and the members list does not get entirely overwritten.
NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.
For more detailed information about provisioning memberships, see the Target System Synchronization Reference Guide