How is it possible to update User account enabled/disabled status in one Active Directory domain based on updates to a mapped User account in another Active Directory domain?
Active Directory User account enablement status is stored as bit value 2 of the userAccountControl attribute and can be tested with a bitwise AND 2 filter. In other words, if a User account is disabled, 2 will be added to a base value. The base value differs depending on other statuses which are also stored in the userAccountControl attribute.
In order to synchronize the enablement status as well as all statuses stored in the userAccountControl attribute, just synchronize the entire value of the userAccountControl attribute.
Synchronizing only the enablement status is currently only possible using a PowerShell script.
WORKAROUND 1
Configure a Forward Sync Rule to synchronize the entire value of the userAccountControl attribute.
WORKAROUND 2
Configure a Forward Sync Rule to synchronize the value returned by the following PowerShell script to the userAccountControl attribute:
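# Read userAccountControl from the source and the target object
$srcUserAccountControl = $srcObj["userAccountControl"]
$dstUserAccountControl = $dstObj["userAccountControl"]
# Bit value 2 is set when the account is disabled
$srcAccountStatus = $srcUserAccountControl -band 2
$dstAccountStatus = $dstUserAccountControl -band 2
if($srcAccountStatus -eq $dstAccountStatus)
{
    # Status already matches: keep the target value unchanged
    return $dstUserAccountControl
}
elseif($srcAccountStatus -eq 0 -and $dstAccountStatus -eq 2)
{
    # Source enabled, target disabled: remove 2 to enable the target
    return ($dstUserAccountControl - 2)
}
elseif($srcAccountStatus -eq 2 -and $dstAccountStatus -eq 0)
{
    # Source disabled, target enabled: add 2 to disable the target
    return ($dstUserAccountControl + 2)
}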
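The difference between the two workarounds matters when the target account carries flags the source does not. The following added example (not part of the original article or the product) compares both outcomes on constructed userAccountControl values; the function names and sample values are assumptions made for illustration.

```powershell
# Added example: all values below are constructed, not read from a directory.
$ACCOUNTDISABLE = 0x2   # disabled bit of userAccountControl

# A few well-known userAccountControl flags, used only to print readable output.
$FlagNames = @{
    0x0002  = 'ACCOUNTDISABLE'
    0x0200  = 'NORMAL_ACCOUNT'
    0x10000 = 'DONT_EXPIRE_PASSWORD'
    0x40000 = 'SMARTCARD_REQUIRED'
}

# Hypothetical helper: list the known flags set in a value.
function Get-UacFlagNames([int]$Uac) {
    ($FlagNames.Keys | Sort-Object |
        Where-Object { $Uac -band $_ } |
        ForEach-Object { $FlagNames[$_] }) -join ', '
}

# Hypothetical helper for Workaround 2: copy only the disabled bit from the
# source value and keep every other bit of the target value.
function Merge-DisabledBit([int]$SourceUac, [int]$TargetUac) {
    ($TargetUac -band (-bnot $ACCOUNTDISABLE)) -bor ($SourceUac -band $ACCOUNTDISABLE)
}

# Constructed pairs of (source, target) values.
$cases = @(
    @{ Source = 514; Target = 66048  },  # source disabled; target never-expiring password
    @{ Source = 512; Target = 262658 },  # source enabled; target disabled, smart card required
    @{ Source = 512; Target = 512    }   # both enabled, nothing to change
)

$cases | ForEach-Object {
    $bitOnly = Merge-DisabledBit $_.Source $_.Target
    [pscustomobject]@{
        Source          = '{0} ({1})' -f $_.Source, (Get-UacFlagNames $_.Source)
        TargetBefore    = '{0} ({1})' -f $_.Target, (Get-UacFlagNames $_.Target)
        # Workaround 1 overwrites the target with the whole source value.
        WholeValueSync  = '{0} ({1})' -f $_.Source, (Get-UacFlagNames $_.Source)
        # Workaround 2 changes only the disabled bit on the target.
        DisabledBitOnly = '{0} ({1})' -f $bitOnly, (Get-UacFlagNames $bitOnly)
    }
} | Format-List
```

In the second pair, synchronizing the whole value removes SMARTCARD_REQUIRED from the target, while copying only the disabled bit leaves that flag in place.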
STATUS
Enhancement ID 467635 has been created to make this functionality possible without requiring the use of a PowerShell script.
Product Management will evaluate the request and this feature may become available in a future release of the product.
There are no guarantees that this specific enhancement request will be implemented in a future release.
For more information regarding our Enhancement Request policy, refer to our Global Support Guide on the Support Portal at: https://support.oneidentity.com/essentials/support-guide/
© 2024 One Identity LLC. ALL RIGHTS RESERVED.