<html><body><div style="font-family: times new roman, new york, times, serif; font-size: 12pt; color: #000000"><div>Hi Saule,<br></div><div><br></div><div>ok great. There is also other way how to use "manually created groups": by using <associationTargetSearch> in the roles, e.g.:<br></div><div>...<br></div><div> <inducement><br> <construction><br> <resourceRef oid="00000000-dc00-dc00-0001-100000000002" type="c:ResourceType"/><br> <kind>account</kind><br> <intent>default</intent><br> <association><br> <ref>ri:adGroups</ref><br> <outbound><br> <strength>strong</strength><br> <expression><br> <associationTargetSearch><br> <filter><br> <q:equal><br> <q:path><br> declare namespace icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3";<br> declare namespace ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";<br> attributes/icfs:name<br> </q:path><br> <q:value>cn=my manual group1,ou=my groups,dc=win,dc=example,dc=com</q:value><br> </q:equal><br> </filter><br> <searchStrategy>onResourceIfNeeded</searchStrategy><br> </associationTargetSearch><br> </expression><br> </outbound><br> </association><br><br> </construction><br> </inducement> <br>...<br></div><div>this assumes the association is configured for "ri:adGroups" attribute in the resource.<br></div><div><br></div><div>Regards,<br></div><div>Ivan<br></div><div><br></div><hr id="zwchr"><blockquote style="border-left:2px solid #1010FF;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Мамаева Сауле Сериковна" <s.mamayeva@ktg.kz><br><b>To: </b>"midPoint General Discussion" <midpoint@lists.evolveum.com><br><b>Sent: </b>Wednesday, October 12, 2016 6:00:24 AM<br><b>Subject: </b>Re: [midPoint] Adding user as member to existing group in AD<br><div><br></div>
<style><!--
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"Стандартный HTML Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;
mso-fareast-language:RU;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTML
{mso-style-name:"Стандартный HTML Знак";
mso-style-priority:99;
mso-style-link:"Стандартный HTML";
font-family:"Consolas","serif";
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">Hi, Ivan</span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US">I have already solved this problem. The group was created manually in Active Directory. I just assigned Metarole for groups(that has 2 inducement: for entitlement and for account) to my role with
same name as in group in Active Directory. Then after group synchronization Existing Group in Active Directory was linked with my role.
</span></p>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span></p>
<div>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Best regards,</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Saule Mamayeva</span></p>
<p class="MsoNormal"><span style="font-family:"Times New Roman","serif";color:#1F497D;mso-fareast-language:RU" lang="EN-US"><a href="mailto:s.mamayeva@ktg.kz" target="_blank"><span style="color:#0563C1">s.mamayeva@ktg.kz</span></a></span><br data-mce-bogus="1"></p>
</div>
<p class="MsoNormal"><span style="color:#1F497D" lang="EN-US"> </span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU" lang="EN-US">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU" lang="EN-US">
midPoint [mailto:midpoint-bounces@lists.evolveum.com] <b>On Behalf Of </b>Ivan Noris<br>
<b>Sent:</b> Tuesday, October 11, 2016 5:05 PM<br>
<b>To:</b> midpoint@lists.evolveum.com<br>
<b>Subject:</b> Re: [midPoint] Adding user as member to existing group in AD</span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p>Hi Saule,</p>
<p>is this "existing group" created by midPoint, or it was created manually in Active Directory and you wish to put accounts there using midPoint?</p>
<p>Regards,</p>
<p>Ivan</p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">On 10/07/2016 11:54 AM, Мамаева Сауле Сериковна wrote:</p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Hello,</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">I’m trying to assign role to user that will add user as a member to existing group in Active Directory. I created role with inducement and add to resource schema handling
object type for my existing group in AD. But after assigning role to user, my user will not become member of existing group in Active Directory. What did I miss?</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">The name of group in AD: free_mail_all</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">This is inducement for my role:</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <inducement id="1"></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <construction></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-3d4f02d30001" type="c:ResourceType"></resourceRef></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <kind>account</kind></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <intent>default</intent></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <association></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <c:ref>ri:group</c:ref></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <outbound></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <expression></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <associationFromLink></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <projectionDiscriminator></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <kind>entitlement</kind></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <intent>free_mail_all</intent></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </projectionDiscriminator></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </associationFromLink></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </expression></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </outbound></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </association></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </construction></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <order>1</order></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </inducement></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">This is a new object type in my Resource schema handling:</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"><objectType></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <kind>entitlement</kind></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <intent>free_mail_all</intent></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <displayName>AD free_mail_all Group</displayName></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <objectClass>ri:group</objectClass></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <attribute></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <c:ref>ri:dn</c:ref></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <matchingRule xmlns:mr=<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3" target="_blank">"http://prism.evolveum.com/xml/ns/public/matching-rule-3"</a>>mr:stringIgnoreCase</matchingRule></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <tolerant>true</tolerant></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <exclusiveStrong>false</exclusiveStrong></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <outbound></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <authoritative>false</authoritative></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <exclusive>false</exclusive></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <strength>normal</strength></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <expression></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <script></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <code></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> 'cn=Free_mail_all,ou=Groups,ou=City,DC=wso,DC=kz'</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </code></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </script></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </expression></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </outbound></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </attribute></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </objectType></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">This is Association part for Account object in Resource xml:</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"><association></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <c:ref>ri:group</c:ref></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <displayName>AD Group Membership</displayName></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <kind>entitlement</kind></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <intent>group</intent></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <intent>free_mail_all</intent></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <direction>objectToSubject</direction></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <associationAttribute>ri:member</associationAttribute></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <valueAttribute>ri:dn</valueAttribute></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <shortcutAssociationAttribute>ri:memberOf</shortcutAssociationAttribute></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> <shortcutValueAttribute>ri:dn</shortcutValueAttribute></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </association></span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Best regards,</span></p>
<p class="MsoNormal"><span style="color:#1F497D;mso-fareast-language:RU" lang="EN-US">Saule
</span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="mailto:s.mamayeva@ktg.kz" target="_blank"><span style="color:#0563C1">s.mamayeva@ktg.kz</span></a></span><br data-mce-bogus="1"></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
<br>
</span></p>
<pre>_______________________________________________</pre>
<pre>midPoint mailing list</pre>
<pre><a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br data-mce-bogus="1"></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br data-mce-bogus="1"></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
</span></p>
<pre>-- </pre>
<pre>Ivan Noris</pre>
<pre>Senior Identity Engineer</pre>
<pre>evolveum.com</pre>
</div>
<br>_______________________________________________<br>midPoint mailing list<br>midPoint@lists.evolveum.com<br>http://lists.evolveum.com/mailman/listinfo/midpoint<br></blockquote><div><br><br></div><div><br></div><div>-- <br></div><div><span name="x"></span>Ivan Noris<br>Senior Identity Engineer<br>evolveum.com<span name="x"></span><br></div></div></body></html>