Can anyone provide some feedback on an issue I’m seeing in my Identity
Vault and AD Driver? Running latest version 3.5.1 and have encountered
issues with my new AD Driver on loopback problems. As you might know,
the AD driver by default doesn’t provide loopback protection (that I
know of). The default filter settings were set to “reset”, but I notice
that certain attributes cause major loopback problems. I’ve since
changed all attributes to “ignore” on the pub channel, with
exceptions like login disabled and nspmDistributionPassword.

We have some issues where data has changed in the target active
directory environment even if guidelines outline no user information
will be changed. This is a different issue/problem I’m working with
management on. Management has asked to switch back to “reset” on the AD
driver so that if any data is modified/changed it’s reset back.

Second, during the creation of user profiles in AD we completed a full
migration of user objects from the Identity Vault to the new target
active directory to populate data. At some point, an outside source has
modified the user attributes which caused a mismatch between the vault
and AD. I’ve noticed that if any user information is updated in the
Identity vault that flows down to AD this causes an LDAP error message.
After doing additional research, the update of attributes seems to do a
complete read and compare before removing the old value and replacing
with the new value.

Can this be changed with new policies to overwrite the values even if
the values don’t match the identity vault?

rsw4723's Profile: