[midPoint] Ennabling accounts in AD while importing from external resource

Fri May 22 14:12:29 CEST 2015

Hi. 

I have a troouble to configure first time user creation while importin from HR resource. We have in pur resource attribute which indicates if employee is hired or fired. And here the mapping of this attribute.
   <mapping>
      <authoritative>false</authoritative>
      <exclusive>true</exclusive>
      <source>
         <name>hrStatus</name>
         <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/extension/hrStatus</c:path>
      </source>
      <expression>
         <script>
            <code>
            import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
            return hrStatus.toString().equals('REJ')?ActivationStatusType.DISABLED:ActivationStatusType.ENABLED;
          </code>
         </script>
      </expression>
      <target>
         <c:path xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3">$user/activation/administrativeStatus</c:path>
      </target>
   </mapping>

It works fine. AdministrativeStatus in midpoint sets as needed. 
While creating user from HR resource we need to create account in AD. Accounts created but Administrative stutus of it is disabled. If I disable and then enable account in Midpoint the account in AD is anabled. 
What should I do to set right AdministrativeStatus in AD when account is creating?