Pull attribute from Active Directory through CA Identity Manager

Document ID : KB000016158
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

How to pull an attribute from Active Directory through CA Identity Manager?

Answer:

Policy Xpress is the approach to take in this situation. The only issue is that it is only triggered based on specific events / tasks.


For example, to get the manager attribute during the Active Directory Explore and Correlate, select the AD manager attribute during the Active Directory endpoint explore and update global user fields process. Make sure to define the Endpoint Mappings between the AD manager and Global User attribute (ex. eTCustomField99). Then map that Global user attribute (eTCustomField99) with an IM attribute (for example, %STRING_00%) on the Identity Manager environment Provisioning Advanced Settings. During AD endpoint explore, the value of AD manager attribute will be taken in DN format (ex. cn=manager,ou=users,dc=forwardinc,dc=ca) and this will be propagated to Global User attribute (in this case eTCustomField99) From there it will be propagated to IM attribute (in this case %STRING_00%). Then trigger a Policy Xpress when the IM attribute (%STRING_00%) is updated to extract only the manager userid from the DN and set %MANAGER% attribute of the user.