How to report Global Users in the Provisioning store that are missing from the IM corporate directory?
Mark the corporate users that belong to IM by setting a custom field on them, then search the provisioning store for Global Users that do not carry that mark.
Instructions:
1. From the Management Console, in the Provisioning Advanced Settings, map a custom user attribute (e.g.: IMUsrCustom11) in the Corporate Directory to a user attribute in the provisioning directory (e.g.: eTCustomField11).
2. From the User Console create a Bulk Task Definition for the User Object Type and the Modify User Task.
The Bulk Task sets the custom user attribute (e.g.: IMUsrCustom11) to a single value (e.g.: “IM”) on each object in its population. The Object filter in the population is (all).
Execute this Bulk Task.
3. Execute the following script against the Provisioning Server to report Users existing in the provisioning directory but missing from IM corporate directory:
set "ETAHOME=C:\Program Files (x86)\CA\Identity Manager\Provisioning Server"
rem host name of Provisioning server
set HOST=YourProvServer
rem Provisioning Domain Name
set DOMAIN=im
rem Provisioning Server administrator:
set USERDN="eTGlobalUserName=superadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%DOMAIN%,dc=eta"
rem Provisioning Server administrator password (placeholder; it is passed on the command line via -w, so restrict access to this script)
set PASSWD=secret
rem search base: the Global Users container of the domain set above
set BASEDN="eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%DOMAIN%,dc=eta"
rem all GUs with CF11 null (not present) or CF11 not equal to "IM"
set FILTER="(&(objectClass=eTGlobalUser) (| (!(eTCustomField11=*)) (!(eTCustomField11=IM)) ) )"
rem Attributes you want to extract
set ATTRIB=eTGlobalUserName
rem -LLL prints bare LDIF; -s sub searches the whole subtree under BASEDN
"%ETAHOME%\bin\ldapsearch" -LLL -h %HOST% -p 20389 -D %USERDN% -w %PASSWD% -b %BASEDN% -s sub %FILTER% %ATTRIB%
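The script above prints LDIF, in which long values are folded onto continuation lines and non-ASCII values are base64-encoded (`::`), so a plain text search for `eTGlobalUserName:` can miss or truncate users. The Python parser below is an added example, not part of the original article; its function names and the sample output are constructed for illustration.

```python
import base64

def _b64(s):  # helper used only to build the constructed sample below
    return base64.b64encode(s.encode("utf-8")).decode("ascii")

_BASE = "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta"
# Constructed sample of `ldapsearch -LLL` output (not real data): a plain entry,
# an entry whose DN is folded onto a continuation line, and a base64 ("::") entry.
SAMPLE_LDIF = (
    f"dn: eTGlobalUserName=jdoe,{_BASE}\n"
    "eTGlobalUserName: jdoe\n\n"
    "dn: eTGlobalUserName=a-very-long-service-account-name,eTGlobalUserContainerNa\n"
    " me=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta\n"
    "eTGlobalUserName: a-very-long-service-account-name\n\n"
    f"dn:: {_b64('eTGlobalUserName=Jürgen,' + _BASE)}\n"
    f"eTGlobalUserName:: {_b64('Jürgen')}\n"
)

def unfold(text):
    """Join LDIF continuation lines: a leading space continues the previous line."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Return one dict per LDIF entry: lower-cased attribute name -> list of values."""
    entries, current = [], {}
    for line in unfold(text) + [""]:      # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):         # "attr:: <base64>" marks an encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(attr.lower(), []).append(value)
    return entries

def missing_user_names(text):
    """Sorted eTGlobalUserName values of the Global Users returned by the report."""
    return sorted(n for e in parse_entries(text) for n in e.get("etglobalusername", []))
```

Redirect the output of the ldapsearch command to a file and pass the file's contents to `missing_user_names` to get the list of users to review.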