Symantec Identity Manager - Etautil - How to Check User Sync and Sync User With Roles
search cancel

Symantec Identity Manager - Etautil - How to Check User Sync and Sync User With Roles

book

Article ID: 259014

calendar_today

Updated On:

Products

CA Identity Suite CA Identity Manager

Issue/Introduction

Etautil commands which can be used to report on and fix the impacted users/accounts which are missing the account template references or where the accounts are missing completely or where accounts are extra.

Environment

All Identity Manager

Resolution

Below are the etautil example commands:


This etautil is the equivalent of the "Check User Synchronization" found in the Provisioning Manager. Running with * for all users could be expensive.

etautil -u USER -p PWD select 'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects' eTGlobalUser eTGlobalUserName='*' list eTSyncUsers eTSyncDelete

 


This etautil is the equivalent of the "Synchronize User With Roles" found in the Provisioning Manager to create missing accounts or add missing account templates to accounts.

etautil -u USER -p PWD update 'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects' eTGlobalUser eTGlobalUserName='GU_Name' to eTSyncUsers='1'

 


This etautil is the equivalent of the "Synchronize User With Roles" found in the Provisioning Manager to delete extra accounts.

etautil -u USER -p PWD update 'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects' eTGlobalUser eTGlobalUserName='GU_Name' to eTSyncDelete='1'


The below etautil is the equivalent of the "Synchronize User With Roles" found in the Provisioning Manager to create missing accounts or add missing account templates to accounts and on a masschange level and against all enabled users. (Does not include disabled users)

etautil -u USER -p PWD masschange 'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects' eTGlobalUser eTGlobalUserName=* eTSuspended=0 to eTSyncUsers='1'

NOTE: You can remove eTSuspended=0 in the above sample and it will synchronize all users no matter their current enabled state.

The eTSuspended=0 filters for only users who are not suspended.

The eTSyncUsers='1' will add any missing account templates.

If you wanted to remove any extra account templates then you would run the same commands but change eTSyncUsers='1'  to eTSyncDelete='1'

Example:

etautil -u USER -p PWD masschange 'eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects' eTGlobalUser eTGlobalUserName=a* eTSuspended=0 to eTSyncDelete='1'

Powered by Wolken Software