[lsc-users] LSC ad to ad sync marking new ad accounts as disable

Soisik Froger soisik.froger at savoirfairelinux.com
Fri Jan 12 12:27:36 CET 2018


On 12/01/2018 10:52, Vaibhav Narula (ISO-IAM) wrote:
> Hi All,
> 
> I am trying to sync two ad but for any new user created on destination ad  we want to put it in disable state.
> 
> AD.userAccountControlSet( "514", [AD.UAC_SET_ACCOUNTDISABLE])
> 
> 
> Regards
> Vaibhav

Hi,

Did you try to only set this attribute only when user is created ?

<ldapDestinationService>
   ...
   <fetchedAttributes>
     ...
     <string>userAccountControl</string>
     ...
   </fetchedAttributes>
   ...
</ldapDestinationService>
<propertiesBasedSyncOptions>
...
   <dataset>
     <name>userAccountControl</name>
     <policy>KEEP</policy>
     <createValues>
	<string>AD.userAccountControlSet("0",[AD.UAC_SET_ACCOUNTDISABLE])</string>
     </createValues>
   </dataset>
...
</propertiesBasedSyncOptions>

See https://lsc-project.org/documentation/latest/configuration/syncoptions/activedirectory
https://lsc-project.org/javadoc/2.1-SNAPSHOT/org/lsc/utils/directory/AD.html#userAccountControlSet-int-java.lang.String:A-

-- 
Soisik


More information about the lsc-users mailing list