Answered

Users are disabled the morning of their last working day and we need them to only be disabled +1 day of their last working day.

André van der Westhuizen 10 years ago updated by anonymous 9 years ago 8

Users are disabled the morning of their last working day and we need them to only be disabled +1 day of their last working day.


ADExport - 2014-09-08 Before Empower Sync.xml
ADExport - 2014-09-08 - Empower Disablements.xml

Hi Adam,

I wonder if you could help me as I'm trying to add a Timeoffset flag to the Adapter for the EndDate // Active as per https://unifysolutions.jira.com/wiki/display/IDB306/Time+offset+flag+transformation, but there is quite a complex configuration with the following names:
<adapter name="Move" >
and
<adapterEntityTransformationFactory name="ChainList">

etc.
I have searched for items on Jira, but could not find it. Could you please assist me with this. I have attached the connector and Adapter configuration files. ACGCEO is still running Identity Broker 3.0.6.1

Hi André van der Westhuizen,

Adapter transformations can be chained (allow for more than one) by using the IDB306:Chain list transformation.

You can place the IDB306:Time offset flag transformation wherever you want inside the chain, as long as it's after any other transformations that contribute attributes that you reference in the new transformation (IDB306:Concepts of transformations).

Have changed the current configuration for the position:

            <adapter name="IsOperative.Inclusive"
               StartColumn="hr_psts_date"
               EndColumn="hr_term_date"
               DestinationColumn="Active"
               IsOperativeValue="true"
               IsNotOperativeValue="false" >
            </adapter>

To:

			<adapterEntityTransformationFactory
				name="TimeOffset"
				SourceColumn="hr_term_date"
				DestinationColumn="terminatedoffset"
				Offset="24:00:00"
				AdjustForLocal="True" />
		
            <adapter name="IsOperative.Inclusive"
               StartColumn="hr_psts_date"
               EndColumn="terminatedoffset"
               DestinationColumn="Active"
               IsOperativeValue="true"
               IsNotOperativeValue="false" >
            </adapter>

Will be able to test it tomorrow as there is not a valid date in the CS.

• Had a discussion with Peter and he has informed me that the end date is calculated on the wrong value;
• Edit the Adapter configuration by adding the following:

			<adapterEntityTransformationFactory name="Chain">
			  <outerAdapter name="TimeOffsetFlag"
				  DestinationColumn="Active"
				  EqualValue="false"
				  GreaterValue="true"
				  LesserValue="false"
				  NullValue="true"
				  Offset="1.00:00:00"
				  SourceColumn="occupanttodate" />
			  <innerAdapter name="Relational"
				  InputKey="hr_empl_code"
				  RelationshipConnectorId="{7786F7F8-EC47-4EA3-BA2A-C21D7AB61BE8}"
				  RelationshipKey="employee_code">
				<columnMappings>
				  <columnMapping
					  SourceAttribute="occupant_to_date"
					  TargetAttribute="occupanttodate" />
				</columnMappings>
			  </innerAdapter>
			</adapterEntityTransformationFactory>

			 <Adapter name="TimeOffset"
				  DestinationColumn="EndDate"
				  Offset="1.00:00:00"
				  SourceColumn="occupanttodate" />

• Edit the Empower MA:
  • Define Object Person and add the following attributes:
    • EndDate
    • Active
  • Create IAF for the Person object:
    • EndDate --> employeeEndDate
    • Active --> IsActive
• Run FI on the Empower MA; and
• Confirm that the Attributes are being populated.

Implemented in test on 2014-08-26:

  • Document AD Sync rule flows and precedence rules;
  • Backup the FIMService Database;
  • Backup the FIMSynchronizationService Database;
  • Implement changes for the AD MA Attribute flow as per Sync Rule Changes.xlsx and delete the Direct flows from the Synchronization rules in the FIM Portal;
  • Disable the following MPRs:
    • ACG-Rename active AD accounts
    • ACG-Rename inactive AD accounts
  • Create the following Synchronization rule:
    • ACG-ReEnable AD User:
      • Filter Criteria:
        • acgRegion startswith
        • acgIsActive = true
      • Outbound Flow:
        • IIF(IsPresent(AD-DN),IIF(Eq(AD-DN,"CN="+Trim(LoginId)+",OU=Disabled Accounts,OU=Staff,DC=ceocg,DC=acgnet"),"CN="+Trim(LoginId)+",OU=New,OU=Staff,DC=ceocg,DC=acgnet",AD-DN),"CN="+Trim(LoginId)+",OU=New,OU=Staff,DC=ceocg,DC=acgnet") --> dn
        • IIF(Eq(UserAccountControl,514),512,IIF(Eq(UserAccountControl,546),544,IIF(Eq(UserAccountControl,66050),66048,UserAccountControl))) --> userAccountcontrol
        • "false" --> msExchHideFromAddressLists
      • Precedence Level = 3
    • ACG-Disable Ad User:
      • Filter Criteria:
        • acgRegion startswith
        • acgIsActive = false
      • Outbound Flow:
        • "CN=" + Trim(LoginId) + ",OU=Disabled Accounts,OU=Staff,DC=ceocg,DC=acgnet" --> dn
        • IIF(Eq(userAccountControl,512),514,IIF(Eq(userAccountControl,544),546,IIF(Eq(userAccountControl,66048),66050,userAccountControl))) --> userAccountcontrol
        • "true" --> msExchHideFromAddressLists
      • Precedence level = 4
  • Test Disablement ok.
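
Added example, not part of the original thread: the two IIF chains above recognise only three userAccountControl values and pass every other value through unchanged. This Python check (function names hypothetical, sample values constructed) lists the values the disable flow would export without the ACCOUNTDISABLE bit (0x2) and compares the chain with setting that bit directly.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit that marks an account disabled

# The three value pairs hard-coded in the IIF chains on this page.
DISABLE_MAP = {512: 514, 544: 546, 66048: 66050}
ENABLE_MAP = {v: k for k, v in DISABLE_MAP.items()}


def iif_disable(uac):
    """ACG-Disable Ad User flow: mapped values change, anything else passes through."""
    return DISABLE_MAP.get(uac, uac)


def iif_enable(uac):
    """ACG-ReEnable AD User flow, same fall-through behaviour."""
    return ENABLE_MAP.get(uac, uac)


def still_enabled_after_disable(uac_values):
    """Values the disable flow would export without the ACCOUNTDISABLE bit set."""
    return [u for u in uac_values if not iif_disable(u) & ACCOUNTDISABLE]


# Constructed sample of userAccountControl values for user objects:
# 66080  = NORMAL_ACCOUNT | PASSWD_NOTREQD | DONT_EXPIRE_PASSWORD
# 262656 = NORMAL_ACCOUNT | SMARTCARD_REQUIRED
SAMPLE = [512, 544, 66048, 66080, 262656, 514]

if __name__ == "__main__":
    for uac in SAMPLE:
        print(uac, "->", iif_disable(uac), "bitwise:", uac | ACCOUNTDISABLE)
    print("left enabled:", still_enabled_after_disable(SAMPLE))
```

Running the same check over the userAccountControl values actually present in the Staff OUs shows whether any account would be moved to Disabled Accounts while remaining enabled.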

Implemented into test 2014-08-27:

  • Implement the following Advanced Export flow for AD:
    • Account Expires:
      			<flowrule name="AD_Export_AccountExpires" targetattribute="accountExpires" onfailedTransform="continue">
      			 <transformation priority="1">
      				 <attributeName>AD-DN</attributeName>
      				 <transformType>filter</transformType>
      				 <transformParameter>[attribute{employeeEndDate}][9999-01-01T00:00:00.000]</transformParameter>
      				 <filters switch="and">
      					 <filter priority="1">
      						 <attribute>employeeEndDate</attribute>
      						 <compareType>exists</compareType>
      						 <compareValue></compareValue>
      						 <default>False</default>
      					 </filter>
      				 </filters>
      			 </transformation>
      			 <transformation priority="2">
      				 <attributeName>outcome[1]</attributeName>
      				 <transformType>substring</transformType>
      				 <transformParameter>[0][10]</transformParameter>
      			 </transformation>
      			 <transformation priority="3">
      				 <attributeName>outcome[2]</attributeName>
      				 <transformType>toadtime</transformType>
      				 <transformParameter>[ymd][-][1.00:00]</transformParameter>
      			 </transformation>
      			 <transformation priority="4">
      				 <attributeName>AD-DN</attributeName>
      				 <transformType>filter</transformType>
      				 <transformParameter>[0][outcome{3}]</transformParameter>
      				 <filters switch="or">
      					 <filter priority="1">
      						 <attribute>employeeEndDate</attribute>
      						 <compareType>notexists</compareType>
      						 <compareValue></compareValue>
      						 <default>False</default>
      					 </filter>
      					 <filter priority="2">
      						 <attribute>employeeEndDate</attribute>
      						 <compareType>sw</compareType>
      						 <compareValue>9999</compareValue>
      						 <default></default>
      					 </filter>
      				 </filters>
      			 </transformation>
      		 </flowrule>
      
    • Transform the IsActive to ExtensionAttribute5:
      Old Rule
      Sync Rule = IIF(IsActive,"True","False") --> extensionAttribute5
      

      New rule:

      <flowrule name="AD_Export_IsActive" targetattribute="extensionAttribute5" onfailedTransform="continue">
          <transformation priority="1">
               <attributeName>IsActive</attributeName>
              <transformType>tostring</transformType>
              <transformParameter></transformParameter>
          </transformation>
      </flowrule>
      
  • Delete the Syncrules:
    • ACG-Set DN for a user in AD
    • ACG-Inbound synchronisation of user accounts
  • Remove the Direct Import flows on the Provisioning Sync Rule;
  • Delete the following Workflows:
    • ACG-rename active AD user; and
    • ACG-Rename inactive AD user.
  • Delete the following MPRs:
    • ACG-rename active AD user; and
    • ACG-Rename inactive AD user.
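
Added example, not part of the original thread: the effect of the one-day offset on the Active flag (TimeOffsetFlag configuration) and on the exported accountExpires value (AD_Export_AccountExpires flow), modelled in Python. The comparison semantics of TimeOffsetFlag and the UTC handling of toadtime are assumptions; the function names and the 2014-09-08 end date are constructed.

```python
from datetime import datetime, timedelta

OFFSET = timedelta(days=1)  # Offset="1.00:00:00" / [1.00:00] on this page
# Flag values copied from the TimeOffsetFlag adapter configuration.
FLAGS = {"greater": True, "equal": False, "lesser": False, "null": True}
FILETIME_EPOCH = datetime(1601, 1, 1)  # AD timestamps count 100 ns ticks from here


def active_flag(end_date, now, offset=OFFSET):
    """Assumed semantics: compare (end_date + offset) with the current time."""
    if end_date is None:
        return FLAGS["null"]  # no end date recorded: account stays active
    cutoff = end_date + offset
    if cutoff > now:
        return FLAGS["greater"]
    return FLAGS["equal"] if cutoff == now else FLAGS["lesser"]


def account_expires(employee_end_date, offset=OFFSET):
    """Follow the four export transformations; times treated as UTC (assumption)."""
    # Priorities 1 and 4: a missing or 9999-* end date exports 0 (never expires).
    if not employee_end_date or employee_end_date.startswith("9999"):
        return 0
    # Priority 2: keep the first 10 characters (yyyy-MM-dd).
    day = datetime.strptime(employee_end_date[:10], "%Y-%m-%d")
    # Priority 3: add the offset and convert to 100 ns ticks since 1601-01-01.
    delta = day + offset - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000


if __name__ == "__main__":
    last_day = datetime(2014, 9, 8)  # constructed sample: end date at midnight
    for hour in (8, 17, 24):
        now = last_day + timedelta(hours=hour)
        print(now, "no offset:", active_flag(last_day, now, timedelta(0)),
              "with offset:", active_flag(last_day, now))
    print("accountExpires:", account_expires("2014-09-08T00:00:00.000"))
```

With a zero offset the flag is already false at 08:00 on the last working day, which is the behaviour reported in the question; with the one-day offset it turns false at midnight after that day.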

Implemented and tested the disablement in Test; still to be implemented into Production.

Changes successfully implemented into production.