How to add AD Endpoint groups to an AD Template via TEWS and/or PX Policies

Document ID : KB000044024
Last Modified Date : 14/02/2018

Summary:

When you use PX Policies or TEWS to add, remove, or modify the AD groups on an AD Account or AD Template, you need to reference the AD groups by their IAMHandle.

 

Background:

IM uses the jiam.jar layer to communicate with the Provisioning Server, so the AD Endpoint Group value must be in IAMHandle format.

 

Instructions: 

The two IAMHandles below show how AD groups would be referenced in a PX Policy. The first is for an AD group called "Administrators" in the default Container called "Builtin" on an AD Endpoint called "MyEndpoint". The second is for an AD group called "TestGroup" in an Org Unit called "MyOU" on an AD Endpoint called "MyEndpoint":

ADSGroup=Administrators,ADSContainer=Builtin,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server

ADSGroup=TestGroup,ADSOrgUnit=MyOU,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server

 

Below is a sample snippet of the kind found in a TEWS request that adds those two groups to a template:

<wsdl:CreateActiveDirectoryAccountTemplateActiveDirectoryAccountTemplateGroupsTab>
  <wsdl:EndpointCapabilityList>
    <wsdl:add index="0">
      <wsdl:UniqueName>ADSGroup=Administrators,ADSContainer=Builtin,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
      <wsdl:Container>ADSContainer=Builtin,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:Container>
    </wsdl:add>
    <wsdl:add index="1">
      <wsdl:UniqueName>ADSGroup=TestGroup,ADSOrgUnit=MyOU,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName>
      <wsdl:Container>ADSOrgUnit=MyOU,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:Container>
    </wsdl:add>
  </wsdl:EndpointCapabilityList>
</wsdl:CreateActiveDirectoryAccountTemplateActiveDirectoryAccountTemplateGroupsTab>
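
A review check for a request like the one above, as an added example (not the vendor's code or part of the original article): it parses the UniqueName handles in an EndpointCapabilityList fragment and reports which AD groups the template would grant, flagging any on a reviewer-supplied list. The namespace URI, the WATCH list and the function names are assumptions; the handle layout is the one shown in this article.

```python
import xml.etree.ElementTree as ET

# Placeholder namespace URI (assumption); use the one declared in your TEWS WSDL.
TEWS_NS = "urn:example:tews"

# Constructed sample: the two UniqueName values from the article, wrapped in a
# namespace-declaring root so the fragment parses on its own.
SAMPLE = f"""<wsdl:EndpointCapabilityList xmlns:wsdl="{TEWS_NS}">
 <wsdl:add index="0"><wsdl:UniqueName>ADSGroup=Administrators,ADSContainer=Builtin,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName></wsdl:add>
 <wsdl:add index="1"><wsdl:UniqueName>ADSGroup=TestGroup,ADSOrgUnit=MyOU,EndPoint=MyEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server</wsdl:UniqueName></wsdl:add>
</wsdl:EndpointCapabilityList>"""

# Hypothetical review list of (container, group) pairs, lower-cased.
WATCH = {("builtin", "administrators")}
TAIL = ("EndPoint", "Namespace", "Domain", "Server")


def parse_group_handle(handle):
    """Split an AD group IAMHandle laid out as in the article into its parts.

    Assumption: no value contains ',' or '=' (escaping is not covered here).
    """
    pairs = [part.split("=", 1) for part in handle.strip().split(",")]
    if len(pairs) != 6 or any(len(p) != 2 or not p[1] for p in pairs):
        raise ValueError(f"unexpected IAMHandle layout: {handle!r}")
    keys = tuple(k for k, _ in pairs)
    if (keys[0] != "ADSGroup" or keys[1] not in ("ADSContainer", "ADSOrgUnit")
            or keys[2:] != TAIL or pairs[3][1] != "ActiveDirectory"):
        raise ValueError(f"not an AD group IAMHandle: {handle!r}")
    return {"group": pairs[0][1], "container_kind": keys[1],
            "container": pairs[1][1], "endpoint": pairs[2][1]}


def groups_added(xml_text, watch=WATCH):
    """Return one record per <wsdl:add>, flagging groups on the watch list."""
    records = []
    for add in ET.fromstring(xml_text).iter(f"{{{TEWS_NS}}}add"):
        handle = add.findtext(f"{{{TEWS_NS}}}UniqueName")
        if handle is None:
            raise ValueError("<add> element without UniqueName")
        rec = parse_group_handle(handle)
        rec["index"] = int(add.get("index"))
        rec["flagged"] = (rec["container"].lower(), rec["group"].lower()) in watch
        records.append(rec)
    return records


if __name__ == "__main__":
    for rec in groups_added(SAMPLE):
        print(rec)
```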