How to synchronize an initial account attribute which is propagation allowed with its template.

Document ID : KB000048888
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

In this sample, Client wants to synchronize "Smart card is required for interactive logon" account option flag with one ADS template.
This account option flag is stored into eTADSuserAccountControl attribute on bit 18.
This eTADSAccount::eTADSuserAccountControl attribute is "initial" (not capability).
If you dump the parser table ( dumpptt -f -t adsparse -of adsparse.txt), you will see IsPolicySync: no.
This is the reason why it is not capability.
So this attribute will not be synchronized during the Accounts / Template synchronization process.

Solution:

The attribute can be propagated. This is "IsPropagationAllowed: yes" into the parser table.
You can write the following script that propagates a change in the template for this attribute.
The change is dummy because the original attribute value is passed.

@ECHO ON       
set ETAHOME="C:\Program Files (x86)\CA\Identity Manager\Provisioning Server" 
rem Provisioning Domain Name 
set DOMAIN=<DOMAIN>
rem Provisioning Server administrator:
set USER=<USER>
rem Provisioning Server administrator password
set PASSWD=<PASSWORD>
set TEMPLATE=<Your_ADS_Template>
%ETAHOME%\bin\etautil -d %DOMAIN% -u %USER% -p %PASSWD% select 'eTADSPolicyContainerName=Active Directory Policies,
eTNamespaceName=CommonObjects' eTADSPolicy eTADSPolicyName=%TEMPLATE% >TemplateAttributes.txt
 	
IF %ERRORLEVEL% NEQ 0 GOTO:EOF
 	
:: Loop reading TemplateAttributes.txt file
set ORIVAL=null
FOR /F "tokens=1,2,3 delims= " %%A IN (TemplateAttributes.txt) DO IF "%%A"=="eTADSuserAccountControl" set ORIVAL=%%C
echo %ORIVAL%       
       
IF %ORIVAL% == null GOTO:EOF 
 
%ETAHOME%\bin\etautil -d %DOMAIN% -u %USER% -p %PASSWD% update 'eTADSPolicyContainerName=Active Directory Policies,
eTNamespaceName=CommonObjects' eTADSPolicy eTADSPolicyName=%TEMPLATE% to eTSyncAccounts=1 eTADSuserAccountControl=%ORIVAL%
 	
del TemplateAttributes.txt