How to report Global Users from Provisioning store which are missing from IM corporate directory?

Document ID : KB000031053
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:
How to report Global Users from Provisioning store which are missing from IM corporate directory?

Answer:

Set a custom field of corporate global users belonging to IM then search in provisioning store those which are not marked.

Instructions

1. From the Management Console, in the Provisioning Advanced Settings, map a custom user attribute (e.g.: IMUsrCustom11) in the Corporate Directory to a user attribute in the provisioning directory  (e.g.: eTCustomField11).

 

2. From the User Console create a Bulk Task Definition for the User Object Type and the Modify User Task.

The custom user attribute (e.g.: IMUsrCustom11) will be set on each object in the Bulk Task’s population to one value (e.g.: “IM”). The Object filter in the population is (all).

Execute this Bulk Task.

 

3. Execute the following script against the Provisioning Server to report Users existing in the provisioning directory but missing from IM corporate directory:

set ETAHOME="C:\Program Files (x86)\CA\Identity Manager\Provisioning Server"

rem host name of Provisioning server

set HOST=YourProvServer

rem Provisioning Domain Name

set DOMAIN=im

rem Provisioning Server administrator:

set USERDN="eTGlobalUserName=superadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%DOMAIN%,dc=eta"

rem Provisioning Server administrator password

set PASSWD=secret

set BASEDN="eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta"

rem all GUs with CF11 null (not present) or CF11 not equal to "IM"

set FILTER="(&(objectClass=eTGlobalUser) (| (!(eTCustomField11=*)) (!(eTCustomField11=IM)) ) )"

rem Attributes you want to extract

set ATTRIB=eTGlobalUserName

%ETAHOME%\bin\ldapsearch -LLL -h %HOST% -p 20389 -D %USERDN% -w %PASSWD% -b %BASEDN% -s sub %FILTER% %ATTRIB%