<div dir="ltr">I am interested in what you are experiencing also. Ours seems to be working as expected; I checked multiple accounts in AD that were disabled in midPoint and they are correct with 0x202 (Disabled, Normal Account). Although I have been using the below, I am not sure how different that is from Ivan's:<div><br></div><div><div> <activation></div><div> <administrativeStatus></div><div> <outbound></div><div> <expression></div><div> <asIs/></div><div> </expression></div><div> </outbound></div><div> <inbound></div><div> <expression></div><div> <asIs/></div><div> </expression></div><div> </inbound></div><div> </administrativeStatus></div><div> </activation></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr">JASON</div></div></div>
<br><div class="gmail_quote">On Wed, Mar 23, 2016 at 8:50 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi Patrick,<br>
<br>
are you using the mapping like this?<br>
<br>
<activation><br>
<administrativeStatus><br>
<outbound/><br>
</administrativeStatus><br>
</activation><br>
<br>
This is everything you need to map midPoint's administrativeStatus
attribute from User to AD account flag "disabled".<span class="HOEnZb"><font color="#888888"><br>
<br>
Ivan</font></span><div><div class="h5"><br>
<br>
<div>On 03/23/2016 02:43 PM, Schlehuber,
Patrick wrote:<br>
</div>
<blockquote type="cite">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
am wanting to manage the ACCOUNTDISABLE flag, 0x0002. This
does not work as I expect when I utilize the
activation/administrativeStatus.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Pat<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">
Jason Everling [<a href="mailto:jeverling@bshp.edu" target="_blank">mailto:jeverling@bshp.edu</a>]
<br>
<b>Sent:</b> Tuesday, March 22, 2016 4:13 PM<br>
<b>To:</b> midPoint General Discussion
<a href="mailto:midpoint@lists.evolveum.com" target="_blank"><midpoint@lists.evolveum.com></a><br>
<b>Subject:</b> Re: [midPoint] Active Directory
userAccountControl modification problem<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">I<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<u></u><u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">JASON<u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On Tue, Mar 22, 2016 at 4:08 PM, Ivan
Noris <<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>>
wrote:<u></u><u></u></p>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<p class="MsoNormal">Hi Patrick,<br>
<br>
what are you trying to achieve?<br>
Active Directory connector allows you to interact with
userAccountControl by using the following "virtual"
attributes:<br>
- passwordExpired (icfs:passwordExpired)<br>
- PasswordNeverExpires (ri:PasswordNeverExpires)<br>
<br>
and of course the activation/administrativeStatus<br>
<br>
If you need to update the other bits of
userAccountControl, I'm not sure AD connector is
capable of doing this.<br>
<br>
I have never tried/needed to directly modify
userAccountControl yet.<br>
<br>
Regards,<br>
Ivan<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On 03/22/2016 08:11 PM,
Schlehuber, Patrick wrote:<u></u><u></u></p>
</div>
</div>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal">I
am wanting to modify the userAccountControl
attribute on an account that is visible by
my AD resource. I have extended the AD schema
and added the attribute, and I do see this
attribute populated correctly when I view an
AD account. When I try to change this
attribute I receive the following error:<u></u><u></u></p>
<p class="MsoNormal">I
have tried changing the Resource definition to
make this attribute string, int, long,
base64Binary, all with the same result. What am
I missing to make this attribute modifiable
within midPoint?<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">ConnectorServer.exe
Error: 0 : Exception :<u></u><u></u></p>
<p class="MsoNormal">Type:
System.InvalidCastException<u></u><u></u></p>
<p class="MsoNormal">Message:
Specified cast is not valid.<u></u><u></u></p>
<p class="MsoNormal">Source:
FrameworkInternal<u></u><u></u></p>
<p class="MsoNormal">Stacktrace:
<u></u><u></u></p>
<p class="MsoNormal"> at
Org.IdentityConnectors.ActiveDirectory.CustomAttributeHandlers.UpdateDeFromCa_PasswordNeverExpires(ObjectClass
oclass, UpdateType type, DirectoryEntry
directoryEntry, ConnectorAttribute attribute)
<u></u><u></u></p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\CustomAttributeHandlers.cs:line
667<u></u><u></u></p>
<p class="MsoNormal">
at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryUtils.UpdateADObject(ObjectClass
oclass, DirectoryEntry directoryEntry,
ICollection`1 attributes, UpdateType type,
ActiveDirectoryConfiguration config) <u></u><u></u></p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryUtils.cs:line
258<u></u><u></u></p>
<p class="MsoNormal">
at
Org.IdentityConnectors.ActiveDirectory.ActiveDirectoryConnector.Update(UpdateType
type, ObjectClass oclass, ICollection`1
attributes, OperationOptions options)
<u></u><u></u></p>
<p class="MsoNormal"> in
d:\midpoint\tgit\openicf\connectors\dotnet\ActiveDirectoryConnector\ActiveDirectoryConnector.cs:line
1091<u></u><u></u></p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.UpdateImpl.AddAttributeValues(ObjectClass
objectClass, Uid uid, ICollection`1
valuesToAdd, OperationOptions options)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
1712<u></u><u></u></p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Api.Local.Operations.ConnectorAPIOperationRunnerProxy.Invoke(Object
proxy, MethodInfo method, Object[] args)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\ApiLocalOperations.cs:line
247<u></u><u></u></p>
<p class="MsoNormal">
at ___proxy1.AddAttributeValues(ObjectClass ,
Uid , ICollection`1 , OperationOptions )<u></u><u></u></p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Api.DelegatingTimeoutProxy.Invoke(Object
proxy, MethodInfo method, Object[] args)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Api.cs:line
1344<u></u><u></u></p>
<p class="MsoNormal">
at ___proxy1.AddAttributeValues(ObjectClass ,
Uid , ICollection`1 , OperationOptions )<u></u><u></u></p>
<p class="MsoNormal">
at
Org.IdentityConnectors.Framework.Impl.Server.ConnectionProcessor.ProcessOperationRequest(OperationRequest
request)
<u></u><u></u></p>
<p class="MsoNormal"> in
c:\Users\Pavol\Documents\GitHub\ConnId\dotnet\FrameworkInternal\Server.cs:line
626<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Thank
you,<u></u><u></u></p>
<p class="MsoNormal">Pat<u></u><u></u></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
</div>
</div>
<pre>_______________________________________________<u></u><u></u></pre>
<pre>midPoint mailing list<u></u><u></u></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><u></u><u></u></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><span style="color:#888888"><u></u><u></u></span></span></pre>
</blockquote>
<p class="MsoNormal"><span style="color:#888888"><br>
<br>
<span><u></u><u></u></span></span></p>
<pre><span style="color:#888888">-- <u></u><u></u></span></pre>
<pre><span style="color:#888888"> Ing. Ivan Noris<u></u><u></u></span></pre>
<pre><span style="color:#888888"> Senior Identity Management Engineer & IDM Architect<u></u><u></u></span></pre>
<pre><span style="color:#888888"> <a href="http://evolveum.com" target="_blank">evolveum.com</a> <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a><u></u><u></u></span></pre>
<pre><span style="color:#888888"> ___________________________________________________<u></u><u></u></span></pre>
<pre><span style="color:#888888"> "Semper ID(e)M Vix."<u></u><u></u></span></pre>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal"><br>
<span style="font-size:10.0pt"><br>
<br>
CONFIDENTIALITY NOTICE:<br>
This e-mail together with any attachments is proprietary and
confidential; intended for only the recipient(s) named above
and may contain information that is privileged. You should
not retain, copy or use this e-mail or any attachments for
any purpose, or disclose all or any part of the contents to
any person. Any views or opinions expressed in this e-mail
are those of the author and do not represent those of the
Baptist School of Health Professions. If you have received
this e-mail in error, or are not the named recipient(s), you
are hereby notified that any review, dissemination,
distribution or copying of this communication is prohibited
by the sender and to do so might constitute a violation of
the Electronic Communications Privacy Act, 18 U.S.C. section
2510-2521. Please immediately notify the sender and delete
this e-mail and any attachments from your computer.
</span><u></u><u></u></p>
</div>
</blockquote>
<br>
</div></div></div>
<br></blockquote></div><br></div>
<br>
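<p>Added example, not part of the original thread and not midPoint or connector code: a way to check what the thread discusses, that accounts disabled in midPoint carry the ACCOUNTDISABLE bit (0x0002) in AD's userAccountControl, e.g. 0x202 for a disabled normal account. The account names, the two dictionaries and the "enabled"/"disabled" status strings are constructed assumptions; the flag values are the documented userAccountControl bits.</p>

```python
from enum import IntFlag

class UAC(IntFlag):
    """Subset of userAccountControl bits, values per Microsoft's documentation."""
    ACCOUNTDISABLE = 0x0002
    LOCKOUT = 0x0010
    PASSWD_NOTREQD = 0x0020
    NORMAL_ACCOUNT = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000
    PASSWORD_EXPIRED = 0x800000

DISABLE = int(UAC.ACCOUNTDISABLE)

def decode(raw):
    """Names of the known bits set in a value; LDAP hands it over as a string."""
    value = int(raw)
    return [flag.name for flag in UAC if value & flag.value]

def set_disabled(raw, disabled):
    """Flip only bit 0x0002 and keep every other bit, known or not."""
    value = int(raw)
    return value | DISABLE if disabled else value & ~DISABLE

def audit(midpoint_status, ad_uac):
    """Return (account, finding) for each account whose AD disabled bit
    disagrees with the status recorded in midPoint ("enabled"/"disabled")."""
    findings = []
    for name, status in sorted(midpoint_status.items()):
        raw = ad_uac.get(name)
        if raw is None:
            findings.append((name, "no AD account found"))
            continue
        ad_state = "disabled" if int(raw) & DISABLE else "enabled"
        if status != ad_state:
            findings.append((name, f"midPoint={status} AD={ad_state} ({int(raw):#x})"))
    return findings

# Constructed sample data (hypothetical account names, not from the thread).
MIDPOINT = {"alice": "disabled", "bob": "disabled", "carol": "enabled"}
AD = {"alice": "514", "bob": "512", "carol": "66048"}

if __name__ == "__main__":
    for name, raw in AD.items():
        print(name, hex(int(raw)), decode(raw))
    for finding in audit(MIDPOINT, AD):
        print("MISMATCH", *finding)
```
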