IM Template lost when AD User moves OU
Article ID: 211741
Updated On:
Products
Issue/Introduction
When a Microsoft Active Directory (AD) User moves between OU's (Object Units) via the "Active Directory Users and Computers" interface the user loses their correlation with the CA Identity Manager (IM) Account Template.
Environment
Release : 14.3 CP2
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Cause
The IM Active Directory Endpoint Configuration has an option to "Detect Account Move Across Containers". When selected this will ensure that a user remains correlated with their Account Templates when they move between OUs. However, a code issue has been identified where the OU itself is not considered, so if the OU moves the correlation is lost.
Resolution
14.3 CP2 Fix "HF-DE497432" has been released to address this issue.
Additional Information
Please note that when running and Explore and Correlate (E&C) from Provisioning Manager, you must ensure that the root is fully selected (checkbox with a black tick, not just greyed out) for the feature "account movement across OU's" works. this means all containers under the root node will be part of E&C operation.
Example of a Greyed out Check Box (which will NOT work):
Feedback
