In a termination/offboarding use case, Active Directory accounts must be closed off but not deleted, so that they remain available for a future rehire. One of the actions in the process is to remove the values of the extended attributes held in the payload.
An existing AD account contains values for these attributes:
<Please see attached file for image>
The eTADSPayload would look like this in the Provisioning Directory:
msExchPoliciesExcluded:01:0038={26491CFC-9E50-4857-861B-0CB8DF22B5D7};msExchRemoteRecipientType:01:0001=1;msExchUsageLocation:01:0002=AU;
How can those values be removed?
IM R12.6 SPx, 14.x. The information in this techdoc was tested on R12.6 SP2, 14.1 and 14.2.
Those attributes cannot be removed, but they can be reset to a blank value using Policy Xpress (PX). The steps are:
1. Create a PX policy that is triggered under a certain condition. In this techdoc, disabling a corporate user fires the PX policy, which resets the payload of that user's account.
Select an appropriate event to trigger the PX, for example:
<Please see attached file for image>
Create relevant data elements to use in Action Rules, for example:
<Please see attached file for image>
Set appropriate conditions to invoke the action rules, for example: the userID contains the string "test" and the user has disabled status (=1).
<Please see attached file for image>
Add an Action Rule to reset the payload with blank values:
msExchPoliciesExcluded:01:0000=;msExchRemoteRecipientType:01:0000=;msExchUsageLocation:01:0000=;
On 14.x the format has changed. Use the following format instead:
{"name":"msExchPoliciesExcluded","value":""}^{"name":"msExchRemoteRecipientType","value":""}^{"name":"msExchUsageLocation","value":""}
Put the above data in the Value field of the payload:
<Please see attached file for image>
Save the PX.
2. Run a task to trigger the condition for the PX to fire. Verify that the attributes msExchPoliciesExcluded, msExchRemoteRecipientType, and msExchUsageLocation are set to <not set> in AD.
There is a known bug on 14.x, recorded as DE401939, where all extended attributes in schema.ext are deleted when the PX policy configured above runs. At the time this article was written, this bug had not been listed in the Release Notes document (https://docops.ca.com/ca-identity-manager/14-2/EN/release-information/release-notes-14-2-cumulative-patches). You may raise a Support Call Ticket to get the fix.
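The following Python example is added here and is not part of the original techdoc or of the product: it parses the legacy payload string, derives the blank-value payload in both formats shown above, and compares before/after attribute snapshots so that a wider wipe, such as the one described for DE401939, is noticed. The length-prefixed entry layout is inferred from the samples on this page; the function names and the extensionAttribute1 value are hypothetical, and how the snapshots are collected from AD is left out.

```python
import json
import re

# Assumed entry layout, inferred from the samples on this page:
#   name:NN:LLLL=value;  with LLLL the decimal length of value (0038 for the GUID).
ENTRY = re.compile(r"([A-Za-z][\w-]*):(\d{2}):(\d{4})=")
# Payload string as shown earlier on this page.
SAMPLE = ("msExchPoliciesExcluded:01:0038={26491CFC-9E50-4857-861B-0CB8DF22B5D7};"
          "msExchRemoteRecipientType:01:0001=1;msExchUsageLocation:01:0002=AU;")

def parse_legacy_payload(payload):
    """Return {attribute: value} from a legacy-format eTADSPayload string."""
    attrs, pos = {}, 0
    while pos < len(payload):
        m = ENTRY.match(payload, pos)
        if not m:
            raise ValueError(f"malformed entry at offset {pos}")
        end = m.end() + int(m.group(3))
        # Slice by the declared length so a ';' or '=' inside a value is harmless.
        if payload[end:end + 1] != ";":
            raise ValueError(f"length mismatch for {m.group(1)}")
        attrs[m.group(1)] = payload[m.end():end]
        pos = end + 1
    return attrs

def reset_payload_legacy(names):
    """Blank-value payload in the R12.6 format used by the Action Rule."""
    return "".join(f"{n}:01:0000=;" for n in names)

def reset_payload_14x(names):
    """Blank-value payload in the 14.x format (JSON objects joined by '^')."""
    return "^".join(json.dumps({"name": n, "value": ""}, separators=(",", ":"))
                    for n in names)

def unexpected_changes(before, after, reset_names):
    """Attributes outside reset_names whose value changed or disappeared."""
    return sorted(n for n, v in before.items()
                  if n not in reset_names and after.get(n) != v)

if __name__ == "__main__":
    attrs = parse_legacy_payload(SAMPLE)
    print(reset_payload_legacy(attrs))
    print(reset_payload_14x(attrs))
    # Constructed snapshots: one extra attribute that the policy must not touch.
    before = dict(attrs, extensionAttribute1="HR-1234")
    print(unexpected_changes(before, {}, attrs))
```

An empty list from unexpected_changes means only the targeted attributes were blanked; any name it returns is an attribute the policy was not meant to touch.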