How to read AD Attributes but not in IDM SAP standard mapping table

Hi All expert,

How can i read AD Attributes but not in IDM SAP standard mapping table?

Ref:

http://help.sap.com/saphelp_nwidmic_80/helpdata/en/ca/f828deac524dc3bf4f151077c687e2/content.htm

Example. I would like to read "EmployeeID" from AD attribute and write to IDM, therefore, i can read "EmployeeID" attribute via IDM UI page.

Is it possible? If you have any idea or ref link, please share and appreciate your help.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

10 Answers

  • Best Answer
    Jan 28, 2017 at 08:14 PM

    Hello Shunji,

    I remember that I have also faced the same issue while using the True for local time.

    Could you please try with true and TRUE. As I remember, one of this works fine for the local time.

    If you still face the issue then please open a new thread (as suggested by Matt) or raise OSS.

    Regards,

    C Kumar

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 11, 2017 at 02:22 PM

    Hi,

    Can you post a screenshot? Also the link you are using doesn't seem to work. Also, please confirm what version of IDM you are using, but it's possible to represent just about all AD atrributes in IDM, it's just a matter of creating a custom attribute and then putting it into the pass.

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 12, 2017 at 06:32 PM

    Hi Matt,

    I am using IDM8.0 SP3, I can open the link but I have the print screen as below,

    The attribute I want to sync to IDM,

    Example : "Enabled", or EmployeeID ( It is empty now )

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 12, 2017 at 10:45 PM

    Hi Shunji,

    If i understand correctly, there are some fields in AD which holds the Employee ID and Enabled values. and you would like to fetch them form Ad and write IDM? If yes then kindly find the attribute name which holds those values in AD and use the same field/attribute names in the Read Pass at the time of reading values from AD.

    For Example: MailNickName attribute is available in AD attribute Editor section, but it is not mentioned in IDM -AD Mapping sheet. So in the read pass i would inlcude MailNickName attribute just like other attributes and reads the data.

    Regards,

    DP

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 12, 2017 at 10:45 PM

    Hi Shunji,

    If i understand correctly, there are some fields in AD which holds the Employee ID and Enabled values. and you would like to fetch them form Ad and write IDM? If yes then kindly find the attribute name which holds those values in AD and use the same field/attribute names in the Read Pass at the time of reading values from AD.

    For Example: MailNickName attribute is available in AD attribute Editor section, but it is not mentioned in IDM -AD Mapping sheet. So in the read pass i would inlcude MailNickName attribute just like other attributes and reads the data.

    Regards,

    DP

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 13, 2017 at 01:29 PM

    I tied but it didn't read that attributes. Do we need to create new javascript to read the non-standard AD attribute?

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 23, 2017 at 02:27 PM

    Hi Matt and DP,

    Thank you for your answer and I found out the main reason why I cannot get some attributes value from AD to IDM.

    IDM only support attributes under "ADSIEdit", but not all from Powershell script "Get-Aduser" command.

    Example, there is no "Enabled" attribute under ADSIEdit but Get-Aduser, therefore, IDM cannot get the correct value from AD.

    Thank you again, now I need to find out how to convert from "AD Timestamp" -> human readable time,

    Example, AD time stamp " 131220187990000000 " - > 26 Oct 2016.

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Shunji,

      Do you have a reference for that? The only time I've ever had an issue is if SSL is involved, or if there is a permissions issue. If it's part of the schema, IDM should be able to read it.

      Thanks,

      Matt

  • Jan 24, 2017 at 09:06 AM

    Hello Shunji,

    you can use uint8ToDate function to convert AD timestamp to Human readable date format. For more details please check the below link.

    http://help.sap.com/saphelp_nwidmic_80/helpdata/en/d3/24b691e99340b08ba9d5e1bea65e36/content.htm

    Regards,

    C Kumar

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Kumar,

      Thank you for your answer!! It works if I put "return uInt8ToDate(Par)" without local time.

      However, when i put "local time" which is ( return uInt8ToDate(Par,True)). I got error as below

      addEntry failed

      undefined: "True" is not defined.

      Any idea?

  • Jan 25, 2017 at 03:36 PM

    Hi Guys,


    This should be in a separate thread. Thanks!

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 26, 2017 at 12:27 PM

    Hi Matt,

    You are right, will open the new thread next time. Thank.

    Add comment
    10|10000 characters needed characters exceeded

Skip to Content