Explore and Correlate clearing Active Directory account attributes
Article ID: 420788
Updated On:
Products
Issue/Introduction
Running Explore and Correlate on a fresh Active Directory endpoint creates IM users and Global users corresponding to the Active Directory accounts.
However, we are now facing issue where all the fields (attributes) in Active Directory accounts are getting replaced with blank value except – First Name, Last Name, Full Name and Password.
What could be causing this behaviour?
Environment
Identity Manager 14.5.x
Cause
The “Account Synchronization” parameter in the “Provisioning Create User” task was modified from its default value of “Off”.
Resolution
The Explore and Correlate process triggers the execution of the “Provisioning Create User” task in IM through an inbound notification. If the “Account Synchronization” parameter in this task is not set to “Off”, the system performs an account synchronization, which results in unintended updates to the AD accounts.
By default, the “Account Synchronization” parameter is set to “Off”.
To resolve the issue, revert this parameter to its default value of “Off”.
Feedback
