<div dir="ltr">Hi Ivan,<div><br></div><div>Thank you very much for your detailed answer. </div><div>I had a user template, i have added and tried many things on template, <assignmenttargetsearch>", "<accountconstruction>", "<inducement>", "<construction><kind><account>"...... But none of them worked. </div><div><br></div><div>Now I will try what you suggested step by step, i will inform you, thank you again.</div><div><br></div><div>user template:</div><div><br></div><div><div><mapping></div><div> <description>AD Resource Create</description></div><div> <strength>strong</strength></div><div> <source></div><div> <c:path>name</c:path></div><div> </source></div><div> <expression></div><div> <value></div><div> <construction></div><div> <resourceRef oid="746ecf5e-3e8c-11e6-b2f9-3c970e44b9e2" type="c:ResourceType"/></div><div> </construction></div><div> </value></div><div> </expression></div><div> <target></div><div> <c:path>assignment</c:path></div><div> </target></div><div> <condition></div><div> <script></div><div> <code>name != null</code></div><div> </script></div><div> </condition></div><div> </mapping></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 10, 2017 at 5:23 PM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Dilek,</p>
<p>not sure if I understand, so I try to explain what I think you
want.</p>
<p>If you want to get your midPoint users to AD, the term "bulk
import" does not quite correspond to it. To me it seems you want
to provision your midpoint users to AD.</p>
<p>LiveSync and Reconciliation evaluate situations/changes in
resource and are able to import the accounts to midPoint and link
or create users.<br>
</p>
<p>To provision users to AD resource, you need:<br>
</p>
<p>1) outbound mappings in your resource. That is probably OK, as
you can manually add AD account to (specific) users</p>
<p>2) role with construction to AD resource</p>
<p>3) default object template which will assign role from 2) to (all
or specific) users in midPoint</p>
<p>Example of such template is:
<a class="gmail-m_-5082767416142375561moz-txt-link-freetext" href="https://github.com/Evolveum/midpoint/blob/v3.5.1/samples/objects/object-template-user.xml" target="_blank">https://github.com/Evolveum/<wbr>midpoint/blob/v3.5.1/samples/<wbr>objects/object-template-user.<wbr>xml</a></p>
<p>See the mapping named "basic role". The "oid" referenced in
assignmentTargetSearch is the oid of your role (with construction
for AD account). In real life, there should be a condition so that
the role is not assigned to all users, but e.g. to employees only.<br>
</p>
<p>The template must be configured as default in Configuration -
System for UserType objects.</p>
<p>After that, you only need to edit any existing user and check
"Reconcile" checkbox and save. The account will be created
according to the role and AD schema handling mappings.</p>
<p>To populate all users, you would need to run Recompute task. That
would do exactly the same as "Reconcile" checkbox for all users.</p>
<p>Regards,</p>
<p>Ivan<br>
</p>
<br>
<div class="gmail-m_-5082767416142375561moz-cite-prefix">On 05/10/2017 11:52 AM, Dilek Gider
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi All,
<div><br>
</div>
<div>I have a resource with ADLDAPConnector. I want to add all
of midpoint users to AD.</div>
<div>I have a resource xml, it works by manually adding user to
AD account. But when I run recon job task or live synch task,
it only evaluates AD users, doesn't evaluate midpoint users.
Is there any other method to create midpoint users in any
resource?</div>
<div><br>
</div>
<div>Thank you very much.</div>
<div><br>
</div>
<div>Dilek</div>
</div>
<br>
<fieldset class="gmail-m_-5082767416142375561mimeAttachmentHeader"></fieldset>
<br>
<pre>______________________________<wbr>_________________
midPoint mailing list
<a class="gmail-m_-5082767416142375561moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a class="gmail-m_-5082767416142375561moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><span class="gmail-HOEnZb"><font color="#888888">
</font></span></pre><span class="gmail-HOEnZb"><font color="#888888">
</font></span></blockquote><span class="gmail-HOEnZb"><font color="#888888">
<br>
<pre class="gmail-m_-5082767416142375561moz-signature" cols="72">--
Ivan Noris
Senior Identity Engineer
<a href="http://evolveum.com" target="_blank">evolveum.com</a>
</pre>
</font></span></div>
<br>______________________________<wbr>_________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" rel="noreferrer" target="_blank">http://lists.evolveum.com/<wbr>mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div></div></div>