Identity Manager - How to update Active Directory attributes using command line

Document ID : KB000098248
Last Modified Date : 30/05/2018
Show Technical Document Details
Introduction:
How to update Active Directory attributes using a command line?
Question:
The Policy XPress is not updating the AD accounts because no events are being triggered the PX since it is not possible to modify User attributes at this moment.

How to modify the Active Directory attributes without Policy XPress
Environment:
Identity Manager 12.x, 14.x
Answer:
To update AD attribute using the command line, you need to use ldapmodify command line.

The LDAPMODIFY command is located under folder: 
X:\Program Files (x86)\CA\Identity Manager\Provisioning Server\bin 

The command: 
ldapmodify -x -D "DN_of_account_used_connect_AD" -w <Acccount_Password> -h <AD_Hostname> -p 389 -f <LDIF_File>.ldif 

Where:
DN_of_account_used_connect_AD = Proxy AD Account DN used to connect to AD, the same one used in your AD endpoint
Acccount_Password = Password of the account above
AD_Hostname = Hostname or FQDN of Active Directory
LDIF_File = File with the account DNs and its attributes to be changed

Example: 
ldapmodify -x -D "CN=Administrator,CN=Users,DC=s10049,DC=com" -w MyPassword -h s10049 -p 389 -f test.ldif 


Below a sample content of test.ldif file.

dn: CN=Wilson Lara,OU=Sao Paulo,OU=Support,DC=sanad01-s10049,DC=com 
title: System Analyst
department: Suport Level I

dn: CN=Roberto Cruz,OU=Sao Paulo,OU=Support,DC=sanad01-s10049,DC=com 
title: Director
department: Marketing