How to set the authOrig attribute on AD accounts via Policy Xpress

Document ID : KB000012672
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

We want to use Policy Xpress to set authOrig on an Active Directory account when the account is terminated so that it can receive email only from itself and not from anyone else.  What is the proper format for the attribute value when setting it via PX?

Answer:

The value must use the IAMHandle format with some additional data.

For example, if the AD account's DN is "CN=test user,CN=Users,DC=ADEndpoint,DC=support,DC=com" use the following as the value in the PX action to update the account attribute (including the brackets): 

{"name":"Account=test user,ADSContainer=Users,EndPoint=ADEndpoint,Namespace=ActiveDirectory,Domain=im,Server=Server"}

The same formatting can also be used if setting the value to another user's DN, not only for that account itself.