Sun Java System Identity Synchronization for Windows 6.0 Deployment Planning Guide
When Contractors Become Full-Time Employees
When a contractor becomes a full-time employee, the special c- prefix
is removed from the person's login name. The new full-time employee is now
in SUL for the first time, and the entry will be interpreted as being new
even though it was not recently created. If the contractor has an Active Directory
entry that is modified, Identity Synchronization for Windows will attempt to create the entry in
Directory Server.
The following table provides the guidelines for handling contractor
accounts when they become full-time employees.
Table 2–3 Guidelines for
Transitioning Contractor to Employee Accounts
Active Directory Account
|
Directory Server Account
|
Creating Linked Entries in Active Directory and Directory Server
|
No account
|
No account
|
This kind of situation should not occur because contractors have either
an Active Directory or Directory Server account. If it does occur, create
a new entry in Active Directory, and Identity Synchronization for Windows automatically creates a
new user in Directory Server.
|
No account
|
Account
|
-
Remove the c- prefix from the Directory
Server entry’s uid.
-
Create a new entry in Active Directory for the new full-time
employee.
-
Run idsync resync to establish a link for the new full-time employee.
Use the -a option to limit the scope of the resync command
to a single user.
If a contractor's Directory Server entry is not important, do the following:
-
Delete the Directory Server entry for the contractor, if there
is one.
-
Create a new entry in Active Directory.
-
Identity Synchronization for Windows will create the corresponding new user in Directory
Server.
|
Account
|
No account
|
Remove the c- prefix from the Active Directory entry’s samaccountname.
Identity Synchronization for Windows will interpret the change as a new user and create the
corresponding new user in Directory Server.
|
Account
|
Account
|
-
Remove the c- prefix from the Directory
Server entry’s uid.
-
Remove the c- prefix from the Active Directory
entry’s uid.
Note –
If this entry is modified before the Directory Server entry, the
contractor will have two Directory Server accounts (the original one and a
new one with a uid without the c- prefix)
-
Run idsync resync to establish a link for
the new full-time employee. Use the -a option to limit
the scope of the resync command to a single user.
If a contractor's Directory Server entry is not important, do the following:
-
Delete the Directory Server entry for the contractor, if there
is one.
-
Remove the -c prefix from the Active Directory
entry’s samaccountname.
-
Identity Synchronization for Windows will create the corresponding new user in Directory
Server.
|