cancel
Showing results for 
Search instead for 
Did you mean: 

Intial Load of AD accounts has Unique ID as Display Name Not User Id

0 Kudos

Hello,

Please advise on why an intial load from Active Directory into the main IDM 8 Identity store has the Display Name as the Unique Identifier showing in the Web UI. Shouldn't it be the SAMACCOUNTNAME.  How can we change this and clean up the data that is currently in there from the initial load and consolidate the accounts based on the unique id.  We currently have a demo system with AD and SAP accounts loaded and just recently were able to configure the HCM data loads.

Please also advise on the steps to enable IDM 8 with Office 365 if possible or links to documents.  Is there a connector available for it?

Thanks,


Todd

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Todd,

As Matt said already , samaccountname is also unique ID in AD and should be mapped to MSKEYVALUE in IDM in initial load job.

I also was surprised to see displayname from AD to map with MSKEYVALUE in IDM.

But I changed the mapping in the initial load job and used samaccountname .


'name' to be replaced by 'samaccountname'.

regarding deletion of data already loaded due to old mapping of displayname, you would need to create custom job and define appropriate query to delete unwanted users with MSKEYVALUE in IDM as displayname (of AD).

Using From ASCII pass also list of users can be stored in runtime table and then another pass (To Identity store) deletes those unwanted users.

Regards,

Pradeep

Answers (1)

Answers (1)

former_member2987
Active Contributor
0 Kudos

Todd,

It's all in how you map the attributes. Make sure you're mapping MSKEYVALUE to sAMAccountName.  Also there's no problem if you map sAMAccountName to multiple IDM attributes.

Good documentation sources can be found here (Login required) and

Out side of these sources, you'll need to use the SCN and SAP Support.

Matt

0 Kudos

Hello Matt,

Thanks for your response. I have reviewd the documentation. However, maybe I am missing it are you able to point me in the right direction of where you maintain this mapping. Is is mapped by default to display name?

Any help is appreciated.


Todd

former_member201064
Active Participant
0 Kudos

In each ToIdentityStore pass of the Initial Load jobs. As a good start you can set up an excel and write all systems with their attributes. Similar to this:

Appendix B: Mapping Between Identity Center and AS ABAP Attributes - SAP Identity Management Provisi...

You can expand this with the AD attributes.

IdM attribute / AD attribute

MSKEYVALUE samAccountName

DISPLAYNAME displayname

MX_LASTNAME sn

and so on.

The most relevant attribute is MSKEYVALUE.