
IDMWORKS Blog

Automatically Create An Account In Active Directory When Reading In A Flat File from Aveksa Compliance Manager


The challenge is:

How do you make Aveksa Compliance Manager automatically create a User account object in Active Directory for all new users after running a collection (and unification)?

This should be pretty easy, right? It is not as easy as you might think, so I built a mindmap that explains the process:

[Mindmap image: UpdateTargetfromPSFT_sm.jpg]

  1. Create an AFX connector, make sure that you enable the following functions: Create, Update and Add to AD Group
  2. Create an Application (and collectors) and associate the AFX connector with this Application. Make sure you collect Account, Account Mappings and Groups.
  3. Create an Account Template (it needs to have a “Pending Account Parameter” called “Name” associated with ${User.User_Id}).
  4. Create a Rule that will add a Group to all “new users” after unification.

Test Question: Do you know why I highlighted Group(s)?

Answer: The fact that you add a Group to a user who doesn’t have an account will force Aveksa to create the account in Active Directory.

Do you have a better way of doing this? We would love to hear from you!

 

Questions, comments or concerns? Feel free to reach out to us below, or email us at IDMWORKS to learn more about how you can protect your organization and customers. 


  1. Hi Paul,

    Your post is very informative. I have done the same steps that you have given but ended with no success. Can you please tell me whether I am missing something?
    The error I am getting while creating the account: Error: LDAPException: Unwilling To Perform (53) Unwilling To Perform LDAPException: Server Message: 0000001F: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0 LDAPException:

    I have created an AD connector and its test is successful, and while testing with the data for the creation of the Account I am getting the above error.
    While mapping Account Name I have given: CN=${User.LoginID},CN=Users,DC=,DC=in
    Is it the correct way?

    And also, can you please explain to me why to create a Pending Account Parameter?

    Thanks,
    Pandu
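Both the Account Template in step 3 and the Account Name mapping quoted in the comment place a field from the collected flat file into a `${User.<field>}` placeholder, so the value needs escaping and the resulting DN is worth checking before it reaches the directory. The following is an added example, not code from the original post or from Aveksa: it assumes plain string substitution rather than the product's own template engine, the function names are hypothetical, and the template and user record are constructed.

```python
import re

_PLACEHOLDER = re.compile(r"\$\{User\.(\w+)\}")
# Constructed sample template; example.com is a placeholder domain.
TEMPLATE = "CN=${User.User_Id},CN=Users,DC=example,DC=com"

def escape_rdn_value(value):
    """Escape one attribute value per RFC 4514 before it goes into a DN."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in '\\,+"<>;' or (i == 0 and c in " #") or (i == last and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def render_dn(template, user):
    """Replace ${User.<field>} with the escaped value from the user record."""
    def sub(match):
        field = match.group(1)
        if not user.get(field):
            raise ValueError(f"no value for ${{User.{field}}}")
        return escape_rdn_value(user[field])
    return _PLACEHOLDER.sub(sub, template)

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    return parts + [cur]

def check_dn(dn):
    """Return a list of problems in a rendered DN; an empty list means none found."""
    problems = ["unresolved placeholder"] if "${" in dn else []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            problems.append(f"empty or malformed RDN: {rdn!r}")
    return problems

if __name__ == "__main__":
    dn = render_dn(TEMPLATE, {"User_Id": "Doe, Jane"})  # constructed record
    print(dn, check_dn(dn))
```

Without the escaping step, a flat-file value containing a comma would add an extra RDN to the DN and change where the account is created.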
