<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"Стандартный HTML Знак";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;
mso-fareast-language:RU;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.HTML
{mso-style-name:"Стандартный HTML Знак";
mso-style-priority:99;
mso-style-link:"Стандартный HTML";
font-family:"Consolas","serif";
color:black;
mso-fareast-language:EN-US;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="RU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">Hi, Ivan<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D">I have already solved this problem. The group was created manually in Active Directory. I just assigned Metarole for groups(that has 2 inducement: for entitlement and for account) to my role with
same name as in group in Active Directory. Then after group synchronization Existing Group in Active Directory was linked with my role.
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Saule Mamayeva<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-family:"Times New Roman","serif";color:#1F497D;mso-fareast-language:RU"><a href="mailto:s.mamayeva@ktg.kz"><span style="color:#0563C1">s.mamayeva@ktg.kz</span></a><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">From:</span></b><span lang="EN-US" style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext;mso-fareast-language:RU">
midPoint [mailto:midpoint-bounces@lists.evolveum.com] <b>On Behalf Of </b>Ivan Noris<br>
<b>Sent:</b> Tuesday, October 11, 2016 5:05 PM<br>
<b>To:</b> midpoint@lists.evolveum.com<br>
<b>Subject:</b> Re: [midPoint] Adding user as member to existing group in AD<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p>Hi Saule,<o:p></o:p></p>
<p>is this "existing group" created by midPoint, or it was created manually in Active Directory and you wish to put accounts there using midPoint?<o:p></o:p></p>
<p>Regards,<o:p></o:p></p>
<p>Ivan<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 10/07/2016 11:54 AM, Мамаева Сауле Сериковна wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Hello,</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">I’m trying to assign role to user that will add user as a member to existing group in Active Directory. I created role with inducement and add to resource schema handling
object type for my existing group in AD. But after assigning role to user, my user will not become member of existing group in Active Directory. What did I miss?</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">The name of group in AD: free_mail_all</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">This is inducement for my role:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <inducement id="1"></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <construction></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <resourceRef oid="ef2bc95b-76e0-11e2-86d6-3d4f02d30001" type="c:ResourceType"></resourceRef></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <kind>account</kind></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>default</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <association></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <c:ref>ri:group</c:ref></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <outbound></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <expression></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <associationFromLink></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <projectionDiscriminator></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <kind>entitlement</kind></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>free_mail_all</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </projectionDiscriminator></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </associationFromLink></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </expression></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </outbound></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </association></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </construction></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <order>1</order></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </inducement></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">This is a new object type in my Resource schema handling:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"><objectType></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <kind>entitlement</kind></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>free_mail_all</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <displayName>AD free_mail_all Group</displayName></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <objectClass>ri:group</objectClass></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <attribute></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <c:ref>ri:dn</c:ref></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <matchingRule xmlns:mr=<a href="http://prism.evolveum.com/xml/ns/public/matching-rule-3">"http://prism.evolveum.com/xml/ns/public/matching-rule-3"</a>>mr:stringIgnoreCase</matchingRule></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <tolerant>true</tolerant></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <exclusiveStrong>false</exclusiveStrong></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <outbound></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <authoritative>false</authoritative></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <exclusive>false</exclusive></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <strength>normal</strength></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <expression></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <script></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <code></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> 'cn=Free_mail_all,ou=Groups,ou=City,DC=wso,DC=kz'</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </code></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </script></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </expression></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </outbound></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </attribute></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </objectType></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">This is Association part for Account object in Resource xml:</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"><association></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <c:ref>ri:group</c:ref></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <displayName>AD Group Membership</displayName></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <kind>entitlement</kind></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>group</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <intent>free_mail_all</intent></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <direction>objectToSubject</direction></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <associationAttribute>ri:member</associationAttribute></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <valueAttribute>ri:dn</valueAttribute></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <shortcutAssociationAttribute>ri:memberOf</shortcutAssociationAttribute></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> <shortcutValueAttribute>ri:dn</shortcutValueAttribute></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </association></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU"> </span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Best regards,</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="color:#1F497D;mso-fareast-language:RU">Saule
</span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"><a href="mailto:s.mamayeva@ktg.kz"><span style="color:#0563C1">s.mamayeva@ktg.kz</span></a></span><o:p></o:p></p>
<p class="MsoNormal"><span lang="EN-US"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>midPoint mailing list<o:p></o:p></pre>
<pre><a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><o:p></o:p></pre>
<pre><a href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:RU"><br>
<br>
<o:p></o:p></span></p>
<pre>-- <o:p></o:p></pre>
<pre>Ivan Noris<o:p></o:p></pre>
<pre>Senior Identity Engineer<o:p></o:p></pre>
<pre>evolveum.com<o:p></o:p></pre>
</div>
</body>
</html>