How to report Global Users from Provisioning store which are missing from IM corporate directory?
search cancel

How to report Global Users from Provisioning store which are missing from IM corporate directory?

book

Article ID: 31053

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

How to report Global Users from Provisioning store which are missing from IM corporate directory?

 

Environment

Release:
Component: IDMGR

Resolution

Set a custom field of corporate global users belonging to IM then search in provisioning store those which are not marked.

Instructions

1. From the Management Console, in the Provisioning Advanced Settings, map a custom user attribute (e.g.: IMUsrCustom11) in the Corporate Directory to a user attribute in the provisioning directory  (e.g.: eTCustomField11).

 

2. From the User Console create a Bulk Task Definition for the User Object Type and the Modify User Task.

The custom user attribute (e.g.: IMUsrCustom11) will be set on each object in the Bulk Task’s population to one value (e.g.: “IM”). The Object filter in the population is (all).

Execute this Bulk Task.

 

3. Execute the following script against the Provisioning Server to report Users existing in the provisioning directory but missing from IM corporate directory:

set ETAHOME="C:\Program Files (x86)\CA\Identity Manager\Provisioning Server"

rem host name of Provisioning server

set HOST=YourProvServer

rem Provisioning Domain Name

set DOMAIN=im

rem Provisioning Server administrator:

set USERDN="eTGlobalUserName=superadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%DOMAIN%,dc=eta"

rem Provisioning Server administrator password

set PASSWD=secret

set BASEDN="eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta"

rem all GUs with CF11 null (not present) or CF11 not equal to "IM"

set FILTER="(&(objectClass=eTGlobalUser) (| (!(eTCustomField11=*)) (!(eTCustomField11=IM)) ) )"

rem Attributes you want to extract

set ATTRIB=eTGlobalUserName

%ETAHOME%\bin\ldapsearch -LLL -h %HOST% -p 20389 -D %USERDN% -w %PASSWD% -b %BASEDN% -s sub %FILTER% %ATTRIB%