Does Active Directory connector in Identity Manager support inter domain user movement in Active Directory.
We have two domain A and B.
Clients requirement is if user is transferred from one domain to another domain he should be physically moved in AD from one domain to another domain.
Is this can be done through Identity Manager. ?
Changing the domain should be considered as a normal change of the provisioning roles, i.e.
- an existing provisioning role is removed, resulting in an account is removed from original AD domain
- an new provisioning role is assigned, resulting in an account is created in new AD domain.
As per design, Identity Manager does not support moving of AD accounts from one domain to other domain.
you need check with Microsoft for a decent workaround
There is a concern is that the SID will be changed when you move an account across the domains