How to specify OU by user attribute value
Article ID: 211129
Updated On:
Products
Issue/Introduction
The current setting is that the Active Directory account is created directly under the OU called "Test Users".
Is it possible to change this to create an account in the OU one level below depending on the conditions?
TestUsers
┣ Tokyo
┃┗User001
┗Osaka
┗User101
Environment
Release : 14.x
Component : IdentityMinder(Identity Manager)
Resolution
Use the multiple filter settings on the Account Container tab of the account template.
Filter settings can be created from either the Provisioning Manager or the User Console, but Provisioning Manager is easier to create.
For example, you can specify the OU to create an account with the office attribute value as follows:
Account Container Filters:
Container: ADSOrgUnit = Tokyo, ADSOrgUnit = TestUsers, EndPoint = <ADS Endpoint>, Namespace = Active Directory, Domain = im, Server = Server
User Accounts Filter:eTOffice = Tokyo
Container: ADSOrgUnit = Osaka, ADSOrgUnit = TestUsers, EndPoint = <ADS Endpoint>, Namespace = Active Directory, Domain = im, Server = Server
User Accounts Filter: eTOffice = Osaka
Container: ADSOrgUnit = TestUsers, EndPoint = <ADS Endpoint>, Namespace = Active Directory, Domain = im, Server = Server
User Accounts Filter: eTGlobalUserName = *
Account Container Settings in the User Console:
Results:
If the Office attribute value is Tokyo, the account is created in Tokyo OU.
If it is Osaka, the account is created in Osaka OU.
If it is neither Tokyo nor Osaka, the account is created in TestUsers OU.
Feedback
