Former Member
Oct 01, 2012 at 02:27 PM

Active Directory Reconciliation


Hello experts,

I am running IdM 7.2 SP5 Patch 1 and facing some trouble around reconciliation...

Basically, my point is to reconcile users, groups and privileges between IdM and my target system (i.e. an Active Directory).

My trouble comes when writing the missing users in the ids. I used the pass used in the ADS initial load, just changing the initial query. So I read my users and then write them to my identity store, giving them the priv system and priv only. But it then triggers provisioning and so tries to create the user... If I use a changetype add, it fails because the user already exists in AD (resulting in a failed assignment of the priv:ad:only and so no further assignment possible); if I use a changetype modify, it also fails except if I disable some attributes that I want to have when I really create a new user...

Do you know any way to avoid this, or should I just create a CSV file where I write that the user exists in AD but not in IdM but do nothing?

Thanks a lot for your answers,