AD-user deletes are not mirrored in eDirectory. the event should result
in disabling and removing of that driverīs association (edir

here iīm interested in checking on occurence of a delete-event in AD on
non-associated users if that user-object in eDir is already disabled .
in case the user is still logindisabled!=true the account should be
disabled in eDir. for the modify of the "Login Disabled" Attribute in
eDirectory i need an association in advance, so i did three direct
commands to get the user disabled and veto the operation after that.

this is working, but could that be done any nicer?

<do-add-association direct="true" when="direct">
<token-text xml:space="preserve">\</token-text>
<token-global-variable name="gcv_myTree"/>
<token-text xml:space="preserve">\something\</token-text>
<token-global-variable name="gcv-2"/>
<token-local-variable name="var_stripped_src_dn"/>
<do-set-dest-attr-value name="Login Disabled" class-name="User" direct="true" when="direct">
<do-remove-association direct="true" when="direct">
<do-trace-message color="blue" level="0">
<token-text>User Deletion in AD on non-associated eDir-User: logindisabled on CN: </token-text>
<token-local-variable name="var_stripped_src_dn"/>
<token-text> is set to "true"</token-text>

var_stripped_src_dn is CN: <token-xpath
from <delete event-id="driverxyz##125d9ebad51##0"
Objects,DC=DC1">. eg: 'user1'

thanks in advance, florian

florianz's Profile:
View this thread: