<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mv="http://macVmlSchemaUri" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Calibri;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle18
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Courier;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1031"/>
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1"/>
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hi Ivan,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">So this is the main meta role we use to determine which Domain an account belongs to.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> oid="aef77645-a406-4598-be2e-6c7217944fe1"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> version="74"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <name>Metarole for groups</name><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <createTimestamp>2016-07-01T13:16:03.549Z</createTimestamp><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <creatorRef oid="a507b312-69a5-422a-852a-3d1d5f1f02b9" type="c:UserType"><!-- admin.dm --></creatorRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <createChannel>http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImport</createChannel><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </metadata><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="1"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="58535b46-2326-4b4e-9d9c-67c8cfa8fdfa" type="c:ResourceType"><!-- Active Directory eu1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>roleType != "system"</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="2"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="58535b46-2326-4b4e-9d9c-67c8cfa8fdfa" type="c:ResourceType"><!-- Active Directory eu1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$user/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>organizationalUnit.toString() == 'Employees Delft' || organizationalUnit.toString() == 'Employees Milton Keynes' || organizationalUnit.toString() == 'Employees Maarssen' || organizationalUnit.toString()
== 'Employees Borlange' || organizationalUnit.toString() == 'Contractors EXLRT' || organizationalUnit.toString() == 'Contractors EU' || organizationalUnit.toString() == 'Customers EU'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="4"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="f8939b78-2bd6-4eb4-b886-548b414ae9ff" type="c:ResourceType"><!-- Active Directory NA1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$user/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>organizationalUnit.toString() == 'Employees DC' || organizationalUnit.toString() == 'Employees Richmond' || organizationalUnit.toString() == 'Contractors USEast' || organizationalUnit.toString()
== 'Customers USEast'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="6"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="9ebeffc4-d1ce-4e6e-8077-4a77883cb04f" type="c:ResourceType"><!-- Active Directory NA2.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>account</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>user</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:ref>ri:group</c:ref><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </projectionDiscriminator><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </associationFromLink><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </outbound><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </association><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <order>2</order><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/organizationalUnit</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>organizationalUnit.toString() == 'Employees Seattle' || organizationalUnit.toString() == 'Contractors USWest' || organizationalUnit.toString() == 'Customers USWest'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="3"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="f8939b78-2bd6-4eb4-b886-548b414ae9ff" type="c:ResourceType"><!-- Active Directory NA1.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>roleType != 'system'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <inducement id="5"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <resourceRef oid="9ebeffc4-d1ce-4e6e-8077-4a77883cb04f" type="c:ResourceType"><!-- Active Directory NA2.tahzooint.com (LDAP) --></resourceRef><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <kind>entitlement</kind><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <intent>group</intent><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </construction><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <c:path>$immediateRole/roleType</c:path><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </source><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> <code>roleType != 'system'</code><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </script><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </expression><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </condition><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> </inducement><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"></role><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;white-space:normal;"><br /><table cellpadding="0" cellspacing="0" border="0" style="background-color:#FFFFFF;border-collapse:collapse;font-size:0;line-height:16.88px;"><tr><td align="left" style="vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="border-top:none;border-right:solid 2px #124A7D;border-bottom:none;border-left:none;padding:0 10px 0 0;vertical-align:middle;line-height:normal;"><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="cid:image580000.png@882E8E49.FBD6B249" width="96" height="51" border="0" alt="" style="min-width:96px;font-size:0;" /></a></td><td align="left" style="padding:10px 0 10px 10px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:13.5px;color:#606060;font-style:normal;font-weight:bold;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;">Martin Herbert</td></tr><tr style="font-size:12px;color:#808080;line-height:15px;"><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;">Hosting Manager / Head of IT & Hosting Services</td></tr></table></td></tr><tr style="line-height:15px;white-space:nowrap;"><td align="left" style="padding:5px 0 10px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0;"><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">M: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="tel:+44%207862%20993%20003" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">+44 7862 993 003</strong></a></td></tr></table></td></tr><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">E: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="mailto:martinh@tahzoo.com" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">martinh@tahzoo.com</strong></a></td><td align="left" style="vertical-align:top;text-align:left;color:#808080;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"> | </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">W: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">www.tahzoo.com</strong></a></td></tr></table></td></tr><tr><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:12px;color:#124A7D;font-style:normal;font-weight:normal;text-decoration:none;"><tr><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;font-weight:bold;">A: </td><td align="left" style="vertical-align:top;text-align:left;font-family:Century Gothic,CenturyGothic,AppleGothic,sans-serif;"><a href="https://www.google.com/maps/place/399+Silbury+Blvd,+Milton+Keynes+MK9+2AH,+UK/@52.0414531,-0.7670066,17z/data=!3m1!4b1!4m5!3m4!1s0x4877aa98b50bb921:0xef39de0bd21f30c6!8m2!3d52.0414531!4d-0.7648179" target="_blank" id="LPlnk689713" style="color:#808080;text-decoration:none;"><strong style="font-weight:normal;">399 Silbury Blvd, Milton Keynes, MK9 2AH, </strong></a></td></tr></table></td></tr></table></td></tr><tr style="line-height:normal;"><td align="left" style="vertical-align:top;"><map id="map_d76f44e2-3ede-4587-a34c-8e02a615874a" name="map_d76f44e2-3ede-4587-a34c-8e02a615874a"><area shape="rect" coords="0,0,16,16" href="https://www.linkedin.com/company/tahzoo" alt="LinkedIn" title="LinkedIn" target="_blank" /><area shape="rect" coords="19,0,35,16" href="skype:live:mherbert84?chat" alt="Skype" title="Skype" target="_blank" /><area shape="rect" coords="38,0,54,16" href="http://www.twitter.com/Tahzoo" alt="Twitter" title="Twitter" target="_blank" /></map><img usemap="#map_d76f44e2-3ede-4587-a34c-8e02a615874a" src="cid:image724001.png@7C80F4D4.F138AE4D" width="57" height="16" border="0" alt="" style="min-width:57px;font-size:0;" /></td></tr></table></td></tr></table></td></tr></table><br /></div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:black">From: </span></b><span style="color:black">midPoint <midpoint-bounces@lists.evolveum.com> on behalf of Ivan Noris <ivan.noris@evolveum.com><br>
<b>Organization: </b>Evolveum, s.r.o.<br>
<b>Reply-To: </b>midPoint General Discussion <midpoint@lists.evolveum.com><br>
<b>Date: </b>Monday, 5 September 2016 at 15:57<br>
<b>To: </b>"midpoint@lists.evolveum.com" <midpoint@lists.evolveum.com><br>
<b>Subject: </b>Re: [midPoint] Shadow Object update issue<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><o:p> </o:p></span></p>
</div>
<div>
<div>
<p>Hi Martin,<o:p></o:p></p>
<p>could you please share one of the roles which you assign for AD? Or at least mappings to show how you compute associations (associationTargetSearch)?<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Thanks,<br>
Ivan<o:p></o:p></p>
<div>
<p class="MsoNormal">On 09/05/2016 04:43 PM, Martin Herbert wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt">Hi Guys,</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt">We’ve successfully implemented Midpoint in to our production environment with multiple Active Directory domains. However, when user accounts are updated for any piece of information (password,
assignment or otherwise) midpoint automatically appears to update all shadow object associations on the AD environment.</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt">This is causing us a fair amount of issues, as a number of our users have in excess of 30 assignments with various AD groups and any level of change takes a number of minutes. Even a password
change takes a long time to complete. Is there a way to stop this update of all assignments/projections with every change and just handle that during a re-synchronise task say at the end of each day?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-GB" style="font-size:11.0pt">Thanks</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><o:p> </o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="background:white;border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="border:none;border-right:solid #124A7D 1.5pt;padding:0in 7.5pt 0in 0in">
<p class="MsoNormal"><span style="font-size:1.0pt;font-family:"Times New Roman""><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713"><span style="text-decoration:none"><img border="0" width="96" height="51" id="_x0000_i1025" src="cid:image001.png@01D2078F.393220F0"></span></a><o:p></o:p></span></p>
</td>
<td valign="top" style="padding:7.5pt 0in 7.5pt 7.5pt">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Century Gothic";color:#606060">Martin Herbert<o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal" style="line-height:11.25pt;mso-line-height-rule:exactly"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:gray">Hosting Manager / Head of IT & Hosting Services<o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:3.75pt 0in 7.5pt 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D">M: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D"><a href="tel:+44%207862%20993%20003" target="_blank" id="LPlnk689713"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">+44 7862 993 003</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D">E: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D"><a href="mailto:martinh@tahzoo.com" target="_blank" id="LPlnk689713"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">martinh@tahzoo.com</span></strong></a><o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:gray"> | <o:p></o:p></span></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D">W: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D"><a href="http://www.tahzoo.com" target="_blank" id="LPlnk689713"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">www.tahzoo.com</span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D">A: <o:p></o:p></span></b></p>
</td>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Century Gothic";color:#124A7D"><a href="https://www.google.com/maps/place/399+Silbury+Blvd,+Milton+Keynes+MK9+2AH,+UK/@52.0414531,-0.7670066,17z/data=%213m1%214b1%214m5%213m4%211s0x4877aa98b50bb921:0xef39de0bd21f30c6%218m2%213d52.0414531%214d-0.7648179" target="_blank" id="LPlnk689713"><strong><span style="font-family:"Century Gothic";color:gray;font-weight:normal;text-decoration:none">399 Silbury Blvd, Milton Keynes, MK9 2AH, </span></strong></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" style="padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:1.0pt;font-family:"Times New Roman""><map name="MicrosoftOfficeMap0"><area shape="Rect" coords="-1, 0, 15, 16" href="https://www.linkedin.com/company/tahzoo" target="_blank" title="LinkedIn"><area shape="Rect" coords="18, 0, 34, 16" href="skype:live:mherbert84?chat" target="_blank" title="Skype"><area shape="Rect" coords="37, 0, 53, 16" href="http://www.twitter.com/Tahzoo" target="_blank" title="Twitter"></map><img border="0" width="57" height="16" id="_x0000_i1026" src="cid:image002.png@01D2078F.393220F0" usemap="#MicrosoftOfficeMap0"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-family:"Times New Roman""><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Ivan Noris<o:p></o:p></pre>
<pre>Senior Identity Engineer<o:p></o:p></pre>
<pre>evolveum.com<o:p></o:p></pre>
</div>
</div>
</div>
</body>
</html>