Sun Identity Manager 8.1 Resources Reference

Active Directory Examples

This section provides examples of actions that you can run on an Active Directory resource after a resource adapter performs the following operations:

Example 1: Action that Follows Creation of a User

This procedure shows how to include an action that will run after the creation of a new user on the Active Directory resource.

Procedure: Including an Action that Follows the Creation of a User

  1. Enter “create after action” in the Identity Manager User Attribute column of the resource’s schema map.

  2. In the Attribute Type column, select string.

  3. In the Resource User Attribute column, enter IGNORE_ATTR. Leave the Required, Audit, Read Only, and Write Only columns unchecked.

  4. Add the following code to the user form you are using to create or edit users:


    <Field name='resourceAccounts.currentResourceAccounts[AD].attributes.create after action'>
        <Expansion>
           <s>AfterCreate</s>
        </Expansion>
    </Field>

  5. Create the following XML file and import it into Identity Manager. (Change the file paths according to your environment.)


    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Waveset PUBLIC 'waveset.dtd' 'waveset.dtd'>
    <Waveset>
       <ResourceAction name='AfterCreate'>
          <ResTypeAction restype='Windows Active Directory' timeout='6000'>
             <act>
             echo create >> C:\Temp\%WSUSER_accountId%.txt
             exit
             </act>
          </ResTypeAction>
       </ResourceAction>
    </Waveset>

Example 2: Action that Follows the Update or Edit of a User Account

This procedure shows how to include an action that will run after the update or edit of a user on an Active Directory resource.

Procedure: Including an Action that Follows the Update or Edit of a User

  1. Enter “update after action” in the Identity Manager User Attribute column of the Active Directory schema map.

  2. In the Attribute Type column, select string.

  3. In the Resource User Attribute column, enter IGNORE_ATTR. Leave the Required, Audit, Read Only, and Write Only columns unchecked.

  4. Add the following fields to the user form that you are using to create and edit users:


    <Field name='resourceAccounts.currentResourceAccounts[AD].attributes.update after action'>
        <Expansion>
           <s>AfterUpdate</s>
        </Expansion>
    </Field>

  5. Create the following XML file and import it into Identity Manager. (Change file paths according to your environment.)


    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Waveset PUBLIC 'waveset.dtd' 'waveset.dtd'>
    <Waveset>
       <ResourceAction name='AfterUpdate'>
          <ResTypeAction restype='Windows Active Directory' timeout='6000'>
             <act>
             echo update >> C:\Temp\%WSUSER_accountId%.txt
             exit
             </act>
          </ResTypeAction>
       </ResourceAction>
    </Waveset>

Example 3: Action that Follows the Deletion of a User

This procedure shows how to include an action that will run after the deletion of a user on the Active Directory resource.

Procedure: Including an Action that Follows the Deletion of a User

  1. Enter “delete after action” in the Identity Manager User Attribute column of the resource’s schema map.

  2. In the Attribute Type column, select string.

  3. In the Resource User Attribute column, enter IGNORE_ATTR. Leave the Required, Audit, Read Only, and Write Only columns unchecked.

  4. Add this to the Deprovision Form user form after the </Include> tag:


    <Field name='resourceAccounts.currentResourceAccounts[AD].attributes.delete after action'>
        <Expansion>
           <s>AfterDelete</s>
        </Expansion>
    </Field>

  5. Create the following XML file and import it into Identity Manager. (Change file paths according to your environment.)


    <?xml version='1.0' encoding='UTF-8'?>
    <!DOCTYPE Waveset PUBLIC 'waveset.dtd' 'waveset.dtd'>
    <Waveset>
       <ResourceAction name='AfterDelete'>
          <ResTypeAction restype='Windows Active Directory' timeout='6000'>
             <act>
             echo delete >> C:\Temp\%WSUSER_accountId%.txt
             exit
             </act>
          </ResTypeAction>
       </ResourceAction>
    </Waveset>

  6. Edit the XML for the Active Directory resource and add information to the “delete after action” schema mapping. Here is an example of a complete schema mapping for this resource with the new additions. (You will be adding the views-related information.)


    <AccountAttributeType id='12' name='delete after action' syntax='string'
             mapName='IGNORE_ATTR' mapType='string'>
        <Views>
           <String>Delete</String>
        </Views>
    </AccountAttributeType>
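
A review check for after-action files like the three above, added here as an example and not part of the original Sun documentation. The action scripts use Windows command-interpreter syntax, where a %VAR% value is substituted into the line before the line is parsed, so the check reports every %WSUSER_...% expansion that is not inside double quotes. The function names, the AfterCreateQuoted action and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample: the AfterCreate action from Example 1, plus a
# hypothetical AfterCreateQuoted variant with the redirect target quoted.
SAMPLE = rb"""<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE Waveset PUBLIC 'waveset.dtd' 'waveset.dtd'>
<Waveset>
   <ResourceAction name='AfterCreate'>
      <ResTypeAction restype='Windows Active Directory' timeout='6000'>
         <act>
         echo create >> C:\Temp\%WSUSER_accountId%.txt
         exit
         </act>
      </ResTypeAction>
   </ResourceAction>
   <ResourceAction name='AfterCreateQuoted'>
      <ResTypeAction restype='Windows Active Directory' timeout='6000'>
         <act>
         echo create >> "C:\Temp\%WSUSER_accountId%.txt"
         exit
         </act>
      </ResTypeAction>
   </ResourceAction>
</Waveset>
"""

VAR = re.compile(r"%(WSUSER_\w+)%")

def unquoted_expansions(script):
    """Return (line_no, variable) for each %WSUSER_*% outside double quotes."""
    findings = []
    for no, line in enumerate(script.strip().splitlines(), 1):
        for m in VAR.finditer(line):
            # An even number of '"' before the match means it is not quoted.
            if line[:m.start()].count('"') % 2 == 0:
                findings.append((no, m.group(1)))
    return findings

def audit(xml_bytes):
    """Map each ResourceAction name to the findings in its <act> scripts."""
    report = {}
    for action in ET.fromstring(xml_bytes).iter("ResourceAction"):
        report[action.get("name")] = [
            hit for act in action.iter("act")
            for hit in unquoted_expansions(act.text or "")]
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Quoting keeps spaces and characters such as & in the value from splitting the line, but it does not cover a value that itself contains a double quote, so the characters allowed in the attribute should be restricted as well.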