[midPoint] Active Directory - manager Attribute

Gus Lou gugalou38 at gmail.com
Tue Dec 15 14:53:02 CET 2020


Hi Daniel

I am not a Coder. But I tried to resolve a similar situation as follows:

Step 1
In my HR system, I have a unique identifier for each person. This person
identifier I put in the employeeID field in the properties of each person's
account in Active Directory through a script in PowerShell.

Ex:
HR System
Employee Name: Sara
Employee ID: 14769224206
Employee Manager: Sara

Employee Name: Joe
Employee ID: 25670335317
Manager: Maria

Step 2
For each person in my HR system I search (PowerShell script) Active
Directory and inform the person's unique identifier and if I find it, I
take the information from the Manager field and add it to the CSV file that
I will import in midPoint.
Ex:
Employee ID = 25670335317
ManagerCN = CN = sara, OU = employee, OU = users, DC = xyz, DC = net

Step 3
I created an additional field in midPoint (through the custom schema
process - XSD) called ManagerCN. In this field I record the information in
the ManagerCN field of the CSV file.
When creating an account in Active Directory I inform all the necessary
data including the Manager information of each person.

I believe that there must be a simpler way to achieve this goal, but as I
said I am not a Coder, so the way I found was this. I hope it helps in
your implementations.

Regards

Gus

On Mon, Dec 14, 2020 at 12:27, Macias, Daniel via midPoint <
midpoint at lists.evolveum.com> wrote:

> Hello,
>
>
>
> Running version midPoint 4.2
>
>
>
> I’m trying to pass over to AD the DN of the manager but I’m having a bit
> of a hard time during. AD requires this attribute to be a distinguishedName
> but HR can only provide employee number, full name, or email.
>
>
>
> How can I fetch the DN of the manager from midPoint (I’m also storing the
> User’s DN on a custom attribute) from the HR Data reference and populated
> in the user object?
>
>
>
> Also, is there a way to automatically assign the defined manager in AD as
> manager of an ORG in midPoint or is this a manual process?
>
>
>
> Please advise.
>
>
>
> Thanks in advance.
>
>
>
> *Daniel M.*
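Step 2 of the procedure in the reply above (look up each HR person in Active Directory by employeeID, read the manager DN, write it to the CSV for midPoint), as an added example that is not code from either poster or from the midPoint project. It assumes the RSAT ActiveDirectory module, a domain-joined host, and that Step 1 has already populated employeeID; the function name `Get-ManagerDnByEmployeeId` and the output file `manager-dn.csv` are hypothetical.

```powershell
# Added example: HR employeeID -> manager DN -> CSV (Step 2 of the message above).
# Assumption: RSAT ActiveDirectory module is installed and employeeID is already set in AD.
Import-Module ActiveDirectory

function Get-ManagerDnByEmployeeId {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $EmployeeId
    )
    # Accept digits only, so an HR value can never change the meaning of the LDAP filter.
    if ($EmployeeId -notmatch '^\d+$') {
        throw "Rejected employeeID '$EmployeeId': expected digits only."
    }

    $found = @(Get-ADUser -LDAPFilter "(employeeID=$EmployeeId)" -Properties employeeID, manager)

    # AD does not enforce uniqueness of employeeID: with 0 or several matches, skip
    # the record instead of picking one and exporting the wrong manager.
    if ($found.Count -ne 1) {
        Write-Warning "employeeID ${EmployeeId}: $($found.Count) accounts matched, skipping."
        return
    }

    [pscustomobject]@{
        EmployeeID = $EmployeeId
        ManagerCN  = $found[0].Manager   # distinguishedName of the manager; empty if unset
    }
}

# Constructed HR sample reusing the IDs from the message; a real run would read the HR export.
$hrRecords = @(
    [pscustomobject]@{ Name = 'Sara'; EmployeeID = '14769224206' }
    [pscustomobject]@{ Name = 'Joe';  EmployeeID = '25670335317' }
)

$hrRecords |
    ForEach-Object { Get-ManagerDnByEmployeeId -EmployeeId $_.EmployeeID } |
    Export-Csv -Path .\manager-dn.csv -NoTypeInformation -Encoding UTF8   # hypothetical path
```

Skipped records appear only as warnings, so review them before importing the CSV; a missing row means the account was not found or employeeID is duplicated in the directory.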