<div dir="ltr">Yes I saw that yesterday as I was searching, I have been able to manually change effectiveStatus to enabled using the debug pages for each shadow that got disabled last week.<div><br></div><div>I still do not know why those 30 or so users had that value of disabled when there are other same type of users that has enabled instead.</div><div><br></div><div>Thanks Again!</div><div><br></div><div>JASON</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 2, 2015 at 2:17 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    Hi Jason,<br>
    <br>
    possibly related to <a href="https://jira.evolveum.com/browse/MID-2585" target="_blank">https://jira.evolveum.com/browse/MID-2585</a><span class="HOEnZb"><font color="#888888"><br>
    <br>
    I.</font></span><div><div class="h5"><br>
    <br>
    <div>On 10/01/2015 05:46 PM, Jason Everling
      wrote:<br>
    </div>
    <blockquote type="cite">
      <div dir="ltr">Oh I meant also in my resources, not the task
        directly,
        <div><br>
        </div>
        <div>Why does this have effectiveStatus disabled for the persons
          shadow? that timestamp is when the notification fired</div>
        <div><br>
        </div>
        <div>
          <div>   <activation></div>
          <div>     
            <administrativeStatus>enabled</administrativeStatus></div>
          <div>     
            <effectiveStatus>disabled</effectiveStatus></div>
          <div>     
<enableTimestamp>2015-09-29T12:30:23.392-05:00</enableTimestamp></div>
          <div>      <lockoutStatus>normal</lockoutStatus></div>
          <div>   </activation></div>
        </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Thu, Oct 1, 2015 at 9:48 AM, Ivan
          Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div text="#000000" bgcolor="#FFFFFF"> Hi Jason,<br>
              <br>
              the configuration for administrativeStatus that I posted
              was not in the task, but in resource schema handling. I
              have multiple (all) resources with that configuration.<br>
              <br>
              I also remember that I also get "false" positives of
              changing administrativeStatus to ENABLED even if the
              account is already enabled; but I assumed that in my case
              it may be caused by the fact that I'm using strong
              mappings...<br>
              <br>
              ... which is not your case...<br>
              <br>
              I'm not sure if this is error or just false positive; I
              hope someone else may be able to answer this.<br>
              <br>
              Best regards,<br>
              Ivan
              <div>
                <div><br>
                  <br>
                  <div>On 10/01/2015 03:55 PM, Jason Everling wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">No I don't have anything like that in
                      my recon task, no activation at all in it. This
                      happened again a few days ago when a value in my
                      CSV resource was modified for a user, their last
                      name which is "weak" so it did not update in
                      midpoint, and when I ran the audit report I saw
                      that it replaced ENABLED with ENABLED making it
                      look like they were "disabled" but they were not,
                      it just replaced enabled with enabled.
                      <div><br>
                      </div>
                      <div>I went further into my CSV resource and found
                        the below,</div>
                      <div><br>
                      </div>
                      <div>
                        <div>         <activation></div>
                        <div>            <administrativeStatus></div>
                        <div>               <inbound></div>
                        <div>                  <expression></div>
                        <div>                   
                           <value>enabled</value></div>
                        <div>                  </expression></div>
                        <div>               </inbound></div>
                        <div>            </administrativeStatus></div>
                        <div>         </activation></div>
                      </div>
                      <div><br>
                      </div>
                      <div>So I changed it and added the highlighted,</div>
                      <div><br>
                      </div>
                      <div>
                        <div>         <activation></div>
                        <div>            <administrativeStatus></div>
                        <div>               <inbound></div>
                        <div>                  <font color="#ff0000"><strength>weak</strength></font></div>
                        <div>                  <expression></div>
                        <div>                   
                           <value>enabled</value></div>
                        <div>                  </expression></div>
                        <div>               </inbound></div>
                        <div>            </administrativeStatus></div>
                        <div>         </activation></div>
                      </div>
                      <div><br>
                      </div>
                      <div>This might have been causing the false
                        positives as when an attribute was changed, even
                        if the attribute was "weak" it would still
                        replace "enabled" with "enabled" in the user
                        object causing a notification to fire.</div>
                      <div><br>
                      </div>
                      <div>So far after the change, a few days now, I
                        have not had the issue again,</div>
                      <div><br>
                      </div>
                      <div>Maybe this is not the cause? But I will keep
                        an eye on it, I have notifications going to my
                        email so I will be able to see if it happens
                        again before I let the notifications go out to
                        the users.</div>
                      <div><br>
                      </div>
                      <div>JASON</div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Thu, Oct 1, 2015 at
                        5:31 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank"></a><a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div text="#000000" bgcolor="#FFFFFF"> Hi
                            Jason,<br>
                            <br>
                            I have encountered similar behaviour -
                            reconciliation or recompute task (or
                            reconcile checkbox) disabled accounts that
                            were not provided by roles.<br>
                            <br>
                            This happened after migration from 3.0.x
                            -> 3.3-snapshot and with the following
                            configuration in resource (see bold text):<br>
                            <br>
                                            <activation><br>
                                                <existence><br>
                                                    <outbound><br>
                                           
                            <strength>weak</strength><br>
                                                       
                            <expression><br>
                                                           
                            <path>$focusExists</path><br>
                                                       
                            </expression><br>
                                                    </outbound><br>
                                            </existence><br>
                                            <administrativeStatus><br>
                                                <outbound><br>
                                                   
                            <strength>strong</strength><br>
                            <!-- XXX to allow to disable when
                            removing roles by recomputing users; but<br>
                            enforcement MUST be set to FULL for this to
                            work --><br>
                                                    <expression><br>
                                                        <script><br>
                                                            <code><br>
                                                                import
com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;<br>
                            <b>                                    if
                              (legal &amp;&amp; assigned) { //
                              previously only "legal" was used</b><b><br>
                            </b>                                       
                            input;<br>
                                                                } else {<br>
                                                                   
                            ActivationStatusType.DISABLED;<br>
                                                                }<br>
                                                           
                            </code><br>
                                                        </script><br>
                                                    </expression><br>
                                                </outbound><br>
                                           
                            </administrativeStatus><br>
                            </activation><br>
                            <br>
                            Are you using this config too?<br>
                            <br>
                            Regard,<br>
                            I.
                            <div>
                              <div><br>
                                <br>
                                <div>On 09/25/2015 05:58 PM, Jason
                                  Everling wrote:<br>
                                </div>
                              </div>
                            </div>
                            <blockquote type="cite">
                              <div>
                                <div>
                                  <div dir="ltr">I found out why!
                                    <div><br>
                                    </div>
                                    <div>So if these users did not have
                                      any role assigned then their GUI
                                      accounts were being disabled.</div>
                                    <div><br>
                                    </div>
                                    <div>Strange though, this did not
                                      happen in 3.1.1, so maybe there
                                      was a bug in 3.1.1 related to
                                      that?</div>
                                    <div><br>
                                    </div>
                                    <div>JASON</div>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Fri, Sep
                                      25, 2015 at 10:08 AM, Jason
                                      Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank"></a><a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                        <div dir="ltr">I have a recon
                                          task that runs every night and
                                          after I updated us to 3.2 the
                                          task last night disabled about
                                          30 accounts, only their GUI
                                          account and not all their
                                          other resource accounts.
                                          <div><br>
                                          </div>
                                          <div>It should have never
                                            disabled their accounts, I
                                            cannot figure out why that
                                            happened and even within the
                                            resource there is nothing
                                            stated to inactivate or
                                            anything, this same
                                            task/resource has been
                                            running every night for
                                            about 3 weeks now and this
                                            is the first time this
                                            happened,</div>
                                          <div><br>
                                          </div>
                                          <div>Thanks!</div>
                                          <span><font color="#888888">
                                              <div>
                                                <div><br>
                                                </div>
                                                -- <br>
                                                <div>
                                                  <div dir="ltr">JASON</div>
                                                </div>
                                              </div>
                                            </font></span></div>
                                      </blockquote>
                                    </div>
                                    <br>
                                    <br clear="all">
                                    <div><br>
                                    </div>
                                    -- <br>
                                    <div>
                                      <div dir="ltr">JASON</div>
                                    </div>
                                  </div>
                                  <br>
                                </div>
                              </div>
                              <font size="2"><br>
                                <br>
                                <span> CONFIDENTIALITY NOTICE:<br>
                                  This e-mail together with any
                                  attachments is proprietary and
                                  confidential; intended for only the
                                  recipient(s) named above and may
                                  contain information that is
                                  privileged. You should not retain,
                                  copy or use this e-mail or any
                                  attachments for any purpose, or
                                  disclose all or any part of the
                                  contents to any person. Any views or
                                  opinions expressed in this e-mail are
                                  those of the author and do not
                                  represent those of the Baptist School
                                  of Health Professions. If you have
                                  received this e-mail in error, or are
                                  not the named recipient(s), you are
                                  hereby notified that any review,
                                  dissemination, distribution or copying
                                  of this communication is prohibited by
                                  the sender and to do so might
                                  constitute a violation of the
                                  Electronic Communications Privacy Act,
                                  18 U.S.C. section 2510-2521. Please
                                  immediately notify the sender and
                                  delete this e-mail and any attachments
                                  from your computer. </span></font><br>
                              <span> <br>
                                <fieldset></fieldset>
                                <br>
                                <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                              </span></blockquote>
                            <span><font color="#888888"> <br>
                                <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>                     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  ___________________________________________________
  "Semper Id(e)M Vix."
</pre>
                              </font></span></div>
                          <br>
_______________________________________________<br>
                          midPoint mailing list<br>
                          <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
                          <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                      <br clear="all">
                      <div><br>
                      </div>
                      -- <br>
                      <div>
                        <div dir="ltr">JASON</div>
                      </div>
                    </div>
                    <br>
                    <font size="2"><br>
                      <br>
                      CONFIDENTIALITY NOTICE:<br>
                      This e-mail together with any attachments is
                      proprietary and confidential; intended for only
                      the recipient(s) named above and may contain
                      information that is privileged. You should not
                      retain, copy or use this e-mail or any attachments
                      for any purpose, or disclose all or any part of
                      the contents to any person. Any views or opinions
                      expressed in this e-mail are those of the author
                      and do not represent those of the Baptist School
                      of Health Professions. If you have received this
                      e-mail in error, or are not the named
                      recipient(s), you are hereby notified that any
                      review, dissemination, distribution or copying of
                      this communication is prohibited by the sender and
                      to do so might constitute a violation of the
                      Electronic Communications Privacy Act, 18 U.S.C.
                      section 2510-2521. Please immediately notify the
                      sender and delete this e-mail and any attachments
                      from your computer. </font><br>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                  </blockquote>
                  <br>
                  <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>                     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  ___________________________________________________
  "Semper Id(e)M Vix."
</pre>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            midPoint mailing list<br>
            <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
            <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        <div>
          <div dir="ltr">JASON</div>
        </div>
      </div>
      <br>
      <font size="2"><br>
        <br>
        CONFIDENTIALITY NOTICE:<br>
        This e-mail together with any attachments is proprietary and
        confidential; intended for only the recipient(s) named above and
        may contain information that is privileged. You should not
        retain, copy or use this e-mail or any attachments for any
        purpose, or disclose all or any part of the contents to any
        person. Any views or opinions expressed in this e-mail are those
        of the author and do not represent those of the Baptist School
        of Health Professions. If you have received this e-mail in
        error, or are not the named recipient(s), you are hereby
        notified that any review, dissemination, distribution or copying
        of this communication is prohibited by the sender and to do so
        might constitute a violation of the Electronic Communications
        Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
        notify the sender and delete this e-mail and any attachments
        from your computer. </font><br>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
    <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer & IDM Architect
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>                     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  ___________________________________________________
  "Semper Id(e)M Vix."
</pre>
  </div></div></div>

<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">JASON</div></div>
</div>

<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>