0
Answered

Configuration help populating manager attribute in AD in UNIFYAssure for Aurion

Adrian Corston 5 years ago in UNIFYBroker/Plus updated by Matthew Davis (Technical Product Manager) 5 years ago 9

In my Broker/Plus environment (based on UNIFYAssure for Aurion) I am trying to synchronise the manager attribute to AD but seeing the following error:

Image 5227

My configuration has an Aurion connector/adapter -> Link -> Locker -> Link -> AD connector/adapter in a standard setup.

The Manager attribute in the Aurion adapter is calculated via a DN join:

Image 5230

Image 5228

Image 5229

Here's an example, looks correct.

Image 5233

Image 5234

I synchronise the Manager attribute from the Aurion Adapter to the Locker:

Image 5231

Image 5232

It looks correct in the Locker:

Image 5235

Image 5236

Image 5237

Image 5238

Then from the Locker to the AD Adapter:

Image 5239

Here's the AD Adapter configuration:

Image 5240

Image 5241

When I attempt a Baseline Synchronisation on the AD Link this is what I see, and the error above appears in the log file:

Image 5242

Can you please tell me what I need to do to get the synchronisation of the manager attribute to work correctly from the Locker to the AD Adapter?

Answer

Answer

You can construct the appropriate DN in powershell, either a transformation on the aurion adapter or as a synchronization task.

Sorry, this should have been a Question rather than an Idea.

I removed the Manager flow on the AD Link, and the error in the UI is still happening (although the log error isn't there any more).  So there may be other compounding problems.

Under review

Hi Adrian

That error message is something returned from AD. I'm no AD specialist so I can't help you with that side of it, but I'd start by checking the value for the manager is correct since it does mention it in the error message the didn't occur when you stopped setting that field.

The warning message means that for 2 of the entities being sync there are required fields that aren't being set. The message explains what required fields are. If this is not clear, let me know.

Thank you for your response Beau.  A reference field in AD (like 'manager') is normally set to the DN of the object being referenced.  How do I configure that in Broker/Plus?

Answer

You can construct the appropriate DN in powershell, either a transformation on the aurion adapter or as a synchronization task.

The DN for the AD manager object is available as a field on that object (either in the Adapter or the Locker), but not on the object for which the manager attribute is being populated.  How can Broker/Plus get the DN of the referenced manager object, to put it on the user object in AD?

Example:  Adrian's manager is Bob, so the 'manager' AD attribute of Adrian needs to be set to the DN of Bob's AD object.  Bob's DN is only available on Bob's record in Broker.  How do I get the DN value for Bob when I'm trying to populate Adrian's 'manager' attribute?

Hi Beau, I think maybe only the Product Group have access to the UNIFYAssure samples - at least it took Adam 15 minutes to work out how to grant me access to the Aurion Sample.  Could you please tell me where to access it so I can see if I have access or not?

OK, ignore my last message then.