Hey guys,
I got an issue with controlling an AD from IdM. Problem is that my deprovisioning doesn't run, at all!
I created my repository with the standard values (starting point, starting point groups, naming attribute = cn (right?)) and I defined provisioning, deprovisioning and modify tasks using the tasks in the SAP PF ADS tasks.
So I can assign a privilege (AD group) to a user in IdM. This user get's created in AD and get's added to the correct group.
Problem is when I remove this privilege again it is not getting removed from AD. Neither is the user being disabled/removed.
To answer the obvious question: Yes all the jobs are activated and have a dispatcher assigned.
What I see in the log is: Modify User. And that's it, normally I would assume that the deprovision job get's triggered next.
Hope someone has an answer for me!
regards,
Jonathan
(have a nice weekend 😊)