<div dir="ltr">Ok thanks for the info, I too was thinking about just removing the outbounds temporarily then adding them back afterwards. Our AD is our main directory, I do want two-way sync after the initial import but I just don't want to modify during the initial import.<div><br></div><div>After I get the accounts imported I will then add our CSV resource from our SIS system which will be authoritative on who gets assigned what, who gets disabled/enabled, update out of date attributes, and where accounts are placed in orgs, so I plan on doing a reconcile after I add it which I am expecting to make a lot of changes to users since I know there are plenty of accounts that need to be updated.</div><div><br></div><div>After those two are done I can add my other DB resources which are mainly outbound.</div><div><br></div><div>I have done extensive testing so I am pretty sure that even without removing the outbounds it would be very little that gets modified but I want to be 100% sure it goes as smoothly as possible</div><div><br></div><div>Thanks!</div><div>JASON</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 25, 2015 at 2:07 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Jason,<br>
<br>
yes, if there are inbound mappings, they will be evaluated and
attributes can be modified back in the "source" resource according
to the mappings.<br>
<br>
As a "hack" you can temporarily modify your resource settings by
commenting out all the outbounds and keep only inbounds. I usually
create a copy of the resource XML file and modify according to my
needs. After the import is done, you can reimport your original XML
resource which will have the outbounds. Sometimes I also change the
name (not oid) of the resource e.g. "AD - recon only" in the second
XML file to be sure what I'm using when I'm in GUI.<br>
<br>
If this resource will be used for import, and then it becomes a
target resource, then <i>probably</i> you need only inbounds during
import and only outbounds afterwards...<br>
<br>
I'm doing a lot of reconciliations these days (connecting more
target systems) and I keep watching the email notifications during
recon - because the data ARE changing back on the reconciled
resource (e.g. the email address is copied from midPoint there
replacing the original one), or accounts are being disabled if users
in midPoint are disabled etc. In my case it's ok, because policy
from midPoint is applied to these target systems. During the initial
import it's probably safer to have only inbounds unless you need to
modify some attribute back.<br>
<br>
Take care especially for your <credentials> mapping.<br>
<br>
Regards,<br>
Ivan<div><div class="h5"><br>
<br>
<div>On 06/24/2015 08:03 PM, Pavol Mederly
wrote:<br>
</div>
<blockquote type="cite">
<div>Hello Jason,<br>
<br>
I would recommend import as the first step. However, concerning
your last question, beware: <br>
<br>
The import <b>can</b> modify your AD accounts, if there are any
outbound mappings. <br>
<br>
(Maybe Ivan could provide you with more detailed explanation.)<br>
<br>
Regards,<br>
Pavol<br>
<br>
<br>
On 24. 6. 2015 19:36, Jason Everling wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Should I do the import task or a recon task to
add all the initial accounts from AD? Currently, there are not
any accounts in midpoint, AD is the main repo for accounts
that will be used to create all the accounts in midpoint.
<div><br>
</div>
<div>Should it be a import task to import all the accounts or
recon? I am thinking that import sounds better and then
recon after i add my other resources?</div>
<div><br>
</div>
<div>Does import modify the accounts in AD as they are getting
imported into midpoint?</div>
<div><br>
</div>
<div>JASON</div>
</div>
<br>
<font size="2"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above
and may contain information that is privileged. You should not
retain, copy or use this e-mail or any attachments for any
purpose, or disclose all or any part of the contents to any
person. Any views or opinions expressed in this e-mail are
those of the author and do not represent those of the Baptist
School of Health Professions. If you have received this e-mail
in error, or are not the named recipient(s), you are hereby
notified that any review, dissemination, distribution or
copying of this communication is prohibited by the sender and
to do so might constitute a violation of the Electronic
Communications Privacy Act, 18 U.S.C. section 2510-2521.
Please immediately notify the sender and delete this e-mail
and any attachments from your computer. </font><br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</div></div><span class="HOEnZb"><font color="#888888"><pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper Id(e)M Vix."
</pre>
</font></span></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>