<div dir="ltr">Oops, typed to fast on that last one.<div><br></div><div>It might work the same for userAccountControl but I was able to directly modify the group types for Roles to AD groups by sending over the integer value like the below, maybe you could try it that way</div><div><br></div><div><pre style="margin-top:0px;margin-bottom:0px;padding:0px;font-family:Consolas,Menlo,'Liberation Mono',Courier,monospace;font-size:12px;line-height:1.4;color:rgb(51,51,51)"> <span class="" style="color:navy"><attribute></span>
<a name="BSHP_ad_full_with_tasks.xml-836" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><ref></span>ri:groupType<span class="" style="color:navy"></ref></span>
<a name="BSHP_ad_full_with_tasks.xml-837" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><outbound></span>
<a name="BSHP_ad_full_with_tasks.xml-838" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><strength></span>strong<span class="" style="color:navy"></strength></span>
<a name="BSHP_ad_full_with_tasks.xml-839" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><source></span>
<a name="BSHP_ad_full_with_tasks.xml-840" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><path></span>roleType<span class="" style="color:navy"></path></span>
<a name="BSHP_ad_full_with_tasks.xml-841" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"></source></span>
<a name="BSHP_ad_full_with_tasks.xml-842" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><expression></span>
<a name="BSHP_ad_full_with_tasks.xml-843" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><script></span>
<a name="BSHP_ad_full_with_tasks.xml-844" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"><code></span>
<a name="BSHP_ad_full_with_tasks.xml-845" style="color:rgb(53,114,176)"></a> tmpType = '-2147483646'
<a name="BSHP_ad_full_with_tasks.xml-846" style="color:rgb(53,114,176)"></a> switch (roleType) {
<a name="BSHP_ad_full_with_tasks.xml-847" style="color:rgb(53,114,176)"></a> case 'security':
<a name="BSHP_ad_full_with_tasks.xml-848" style="color:rgb(53,114,176)"></a> tmpType = '-2147483646'
<a name="BSHP_ad_full_with_tasks.xml-849" style="color:rgb(53,114,176)"></a> break
<a name="BSHP_ad_full_with_tasks.xml-850" style="color:rgb(53,114,176)"></a> case 'distribution':
<a name="BSHP_ad_full_with_tasks.xml-851" style="color:rgb(53,114,176)"></a> tmpType = '8'
<a name="BSHP_ad_full_with_tasks.xml-852" style="color:rgb(53,114,176)"></a> break
<a name="BSHP_ad_full_with_tasks.xml-853" style="color:rgb(53,114,176)"></a> default:
<a name="BSHP_ad_full_with_tasks.xml-854" style="color:rgb(53,114,176)"></a> tmpType = '-2147483646'
<a name="BSHP_ad_full_with_tasks.xml-855" style="color:rgb(53,114,176)"></a> }
<a name="BSHP_ad_full_with_tasks.xml-856" style="color:rgb(53,114,176)"></a> return tmpType
<a name="BSHP_ad_full_with_tasks.xml-857" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"></code></span>
<a name="BSHP_ad_full_with_tasks.xml-858" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"></script></span>
<a name="BSHP_ad_full_with_tasks.xml-859" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"></expression></span>
<a name="BSHP_ad_full_with_tasks.xml-860" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"></outbound></span>
<a name="BSHP_ad_full_with_tasks.xml-861" style="color:rgb(53,114,176)"></a> <span class="" style="color:navy"></attribute></span></pre></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Tue, Mar 22, 2016 at 4:13 PM, Jason Everling <span dir="ltr"><<a href="mailto:jeverling@bshp.edu" target="_blank">jeverling@bshp.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I</div><div class="gmail_extra"><span class="HOEnZb"><font color="#888888"><br clear="all"><div><div><div dir="ltr">JASON</div></div></div></font></span><div><div class="h5">
<br><div class="gmail_quote">On Tue, Mar 22, 2016 at 4:08 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi Patrick,<br>
<br>
what are you trying to achieve?<br>
Active Directory connector allows you to interact with
userAccountControl by using the following "virtual" attributes:<br>
- passwordExpired (icfs:passwordExpired)<br>
- PasswordNeverExpires (ri:PasswordNeverExpires)<br>
<br>
and of course the activation/administrativeStatus<br>
<br>
If you need to update the other bits of userAccountControl, I'm not
sure AD connector is capable of doing this.<br>
<br>
I have never tried/needed to directly modify userAccountControl yet.<br>
<br>
Regards,<br>
Ivan<div><div><br>
<br>
<div>On 03/22/2016 08:11 PM, Schlehuber,
Patrick wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div>
<div>
<p class="MsoNormal">I am wanting to modify the
userAccountControl attribute on an account that is visible
by my AD resource. I have extended the AD schema and added
the attribute, I do see this attribute populated correctly
when I view an AD account. When I try to change this attribute
I receive the following error:<u></u><u></u></p>
<p class="MsoNormal">I have tried changing the Resource
definition to make this attribute, string, int, long,
base64Binary all with the same result. What am I missing to
make this attribute modifiable within midPoint?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">ConnectorServer.exe Error: 0 : Exception :<u></u><u></u></p>
<p class="MsoNormal">Type: System.InvalidCastException<u></u><u></u></p>
<p class="MsoNormal">Message: Specified cast is not valid.<u></u><u></u></p>
<p class="MsoNormal">Source: FrameworkInternal<u></u><u></u></p>
<p class="MsoNormal">Stacktrace: <u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass
oclass, UpdateType type, DirectoryEntry directoryEntry,
ConnectorAttribute attribute)
<u></u><u></u></p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line
667<u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass
oclass, DirectoryEntry directoryEntry, ICollection`1
attributes, UpdateType type, ActiveDirectoryConfiguration
config)
<u></u><u></u></p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line
258<u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType
type, ObjectClass oclass, ICollection`1 attributes,
OperationOptions options)
<u></u><u></u></p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line
1091<u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass
objectClass, Uid uid, ICollection`1 valuesToAdd,
OperationOptions options)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
1712<u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object
proxy, MethodInfo method, Object[] args)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
247<u></u><u></u></p>
<p class="MsoNormal"> at
___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1
, OperationOptions )<u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object
proxy, MethodInfo method, Object[] args)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line
1344<u></u><u></u></p>
<p class="MsoNormal"> at
___proxy1.AddAttributeValues(ObjectClass , Uid , ICollection`1
, OperationOptions )<u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest
request)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line
626<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thank you,<u></u><u></u></p>
<p class="MsoNormal">Pat<u></u><u></u></p>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre><span><font color="#888888">
</font></span></blockquote><span><font color="#888888">
<br>
<pre cols="72">--
Ing. Ivan Noris
Senior Identity Management Engineer & IDM Architect
<a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
___________________________________________________
"Semper ID(e)M Vix."
</pre>
</font></span></div>
<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br></div>
<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>