ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Cannot modify the "User Logon Name" of AD Accounts during synchronization

book

Article ID: 132847

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

When you create an account template, you can use rules strings to define the format of many account attributes. Rule strings are variables for the actual value. Rules strings are useful when you want to generate attributes that change from one account to another. When rules are evaluated, CA Identity Manager replaces the rule strings entered in the account templates with data specified in the user object.

A scenario has been identified with the following behavior:

When setting the Account ID equal to %UE% (User Email Address) even with strong sync enabled the Account Id does not get synchronized.

Cause

This is working as per the current design.

Environment

Release : 14.x

Component : IdentityMinder(Identity Manager)

Resolution

This cannot be achieved through template synchronization.  To overcome this issue you must create a PX (Policy Xpress) policy to set the attributes after synchronization.

Additional Information

For more information on Attributes and Rule strings, please refer to the CA Identity Manager Product documentation.


https://docops.ca.com/ca-identity-manager/14-3/EN/administrating/managed-endpoints-and-provisioning/provisioning-roles/attributes-and-rule-strings-in-account-templates