Is it possible to explore / correlate only one AD user instead of the whole OU?

Article ID: 380940

Products

CA Identity Manager

Issue/Introduction

Is it possible to explore / correlate only one AD user instead of the whole OU?

Resolution

The following example uses ldapsearch inside a .bat file:

set ADMIN_SERVER=<hostname of admin server>
set ADMIN_DOMAIN=im
set PASSWORD=<password of your admin user>
set ADS_ENDPOINT=<ads endpoint name>
set ADS_ACCOUNTNAME=<account in AD>

rem 1. To explore:

ldapsearch -h %ADMIN_SERVER% -p 20389 -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%ADMIN_DOMAIN%,dc=eta" -w  %PASSWORD% -b  "eTADSOrgUnitName=Users,eTADSOrgUnitName=UAM,eTADSOrgUnitName=Sites,eTADSDirectoryName=%ADS_ENDPOINT%,eTNamespaceName=ActiveDirectory,dc=%ADMIN_DOMAIN%,dc=eta" -s sub  "(&(eTADSAccountName=%ADS_ACCOUNTNAME%)(objectclass=*))" eTExploreUpdateEtrust

rem You need to adjust the organizational unit path above
rem "eTADSOrgUnitName=Users,eTADSOrgUnitName=UAM,eTADSOrgUnitName=Sites" to match your user path.

rem 2. to correlate:

ldapsearch -h %ADMIN_SERVER% -p 20389 -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%ADMIN_DOMAIN%,dc=eta" -w  %PASSWORD% -b  "eTADSOrgUnitName=Users,eTADSOrgUnitName=UAM,eTADSOrgUnitName=Sites,eTADSDirectoryName=%ADS_ENDPOINT%,eTNamespaceName=ActiveDirectory,dc=%ADMIN_DOMAIN%,dc=eta" -s sub  "(&(eTADSAccountName=%ADS_ACCOUNTNAME%)(objectclass=*))"  eTExploreCorrelateUsers 

rem 3. to create the users (if necessary)

ldapsearch -h %ADMIN_SERVER% -p 20389 -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%ADMIN_DOMAIN%,dc=eta" -w  %PASSWORD% -b  "eTADSOrgUnitName=Users,eTADSOrgUnitName=UAM,eTADSOrgUnitName=Sites,eTADSDirectoryName=%ADS_ENDPOINT%,eTNamespaceName=ActiveDirectory,dc=%ADMIN_DOMAIN%,dc=eta" -s sub  "(&(eTADSAccountName=%ADS_ACCOUNTNAME%)(objectclass=*))" eTExploreCreateUsers 

rem 4. to update the global users with data from explored account


ldapsearch -h %ADMIN_SERVER% -p 20389 -D "eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=%ADMIN_DOMAIN%,dc=eta" -w  %PASSWORD% -b  "eTADSOrgUnitName=Users,eTADSOrgUnitName=UAM,eTADSOrgUnitName=Sites,eTADSDirectoryName=%ADS_ENDPOINT%,eTNamespaceName=ActiveDirectory,dc=%ADMIN_DOMAIN%,dc=eta" -s sub  "(&(eTADSAccountName=%ADS_ACCOUNTNAME%)(objectclass=*))"  eTExploreUpdateUsers
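
An added example, not part of the original article or the product's own code: a Python wrapper that builds the same ldapsearch calls but escapes the account name (RFC 4515) and the OU/endpoint names (RFC 4514), so an account name containing `*` or parentheses cannot widen the search beyond the one user. The function names, the `IM_ADMIN_PASSWORD` environment variable and the assumption that the server accepts standard RFC escapes are assumptions made here.

```python
import os
import subprocess
import sys

# Attributes requested by the article's four steps, in order.
STEPS = ["eTExploreUpdateEtrust", "eTExploreCorrelateUsers",
         "eTExploreCreateUsers", "eTExploreUpdateUsers"]

def escape_filter(value):
    """RFC 4515: escape characters that would alter the filter structure."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)

def escape_rdn(value):
    """RFC 4514: escape DN separators plus a leading '#'/space and trailing space."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in ',+"\\<>;=' or edge_space or (ch == "#" and i == 0):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def build_commands(server, domain, endpoint, ou_path, account, password,
                   create_users=False):
    """Return one argv list per step; step 3 only when create_users is set."""
    dc = f"dc={escape_rdn(domain)},dc=eta"
    bind_dn = ("eTGlobalUserName=etaadmin,eTGlobalUserContainerName=Global Users,"
               f"eTNamespaceName=CommonObjects,{dc}")
    ous = ",".join("eTADSOrgUnitName=" + escape_rdn(ou) for ou in ou_path)
    base = (f"{ous},eTADSDirectoryName={escape_rdn(endpoint)},"
            f"eTNamespaceName=ActiveDirectory,{dc}")
    flt = f"(&(eTADSAccountName={escape_filter(account)})(objectclass=*))"
    steps = [s for s in STEPS if create_users or s != "eTExploreCreateUsers"]
    return [["ldapsearch", "-h", server, "-p", "20389", "-D", bind_dn,
             "-w", password, "-b", base, "-s", "sub", flt, step]
            for step in steps]

if __name__ == "__main__":
    # Hypothetical usage: script.py <admin server> <ADS endpoint> <AD account>
    # The password comes from the environment instead of being stored in a file.
    server, endpoint, account = sys.argv[1:4]
    for argv in build_commands(server, "im", endpoint, ["Users", "UAM", "Sites"],
                               account, os.environ["IM_ADMIN_PASSWORD"]):
        subprocess.run(argv, check=True)  # argv list: no shell re-parsing
```

The password is still handed to ldapsearch with `-w`, as in the article, so it remains visible in the process list while each command runs.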