Skip to Content

SAP IdM to AD - keep current value and add additional without overwriting


is there a possibility to provision a field like for example "description" from IdM to AD without overwriting the text which exists already in AD field description?

Just extend the existing text with the new one which is coming from IdM.

Kind regards


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Jan 16, 2017 at 10:30 AM

    Hi Matt,

    thanks for the response.

    Just by the way, I saw a lot of posts from you which helped me already with some issues so thanks for that :-)

    The dot operator to my knowing only writes the value when adding an entry, but not when modifing, correct?

    I try to explain my case a little bit clearer.

    We have already an existing AD entry where the attribute descrition contains text for example: "This is the description".

    What I want now is when I do a modify of this AD entry SAP IdM should write into the field description for example "edited by IDM" but also keep the existing value. "This is the description"

    So the result in AD should be for field description: "This is the description edited by IDM". I have tried to do so in the ToLDAPdirectory pass, but until now without success...

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Sergius, always happy to help.

      This is also possible. Just do something like

      IDM will concatenate the two values and write them to the designated AD attribute. You can also do this via a script.

      Hope it helps!


      toldap1.jpg (168.7 kB)
  • Jan 13, 2017 at 01:42 PM

    Hi Sergius,

    This is actually pretty simple to do. All you need to do is use the dot operator for the DESCRIPTION field. This link should help you:

    Please let us know if you have any other questions.



    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jan 25, 2017 at 09:48 AM

    Hey Sergius,

    I'm happy to get corrected here, but I think this not possible without deeply messing with the LDAP connector.

    You could read the value firsthand and write back the combined key. But you probably already thought of this.

    Did you already find a solution?


    Add comment
    10|10000 characters needed characters exceeded

    • Hi Hendrik,

      thanks for you reply. Thats the way I realized it in the meantime. I created a job to load the current description in an temporary table. also a script that copies the current description, extends with the new and writes it back to AD.