ADHocProjection properties and values missing from logs when Read-only enabled

Hi

We are using Identity Manager On-demand Starling 8.2.1 

We don't have an Active Directory test environment so the way we get past this is to enable "Read-Only" mode on the Production target system connector within our Test environment.

In summary what we are trying to achieve is test and validate the expected changes that WILL be made within AD without actually making them. Similar to a simulation.

The thinking is that if we select everything as part of "Data to log" within the sync project, we will see all the proposed properties and changes made, even though it won't actually provision, due to read-only mode?

However this is not the case because we can only see the main error "You cannot modify it!"

Further more, is this the correct approach to follow or, are there better ways of getting an overview of all the proposed ADHocProjection changes that is planned to be provisioned? 

Thanks DK

Parents
  • Hello DK,

    Maybe your are already doing this but in your scenario i would use a "default" user account with no extra permissions this wil give you 95% visibility in AD
    and should be enough to run a sync without the risk of someone removing the read-only option on the sync project.

    You will find the old vs new values of an object in the jobqueue click on the frozen AdHocProjection job step and see the Parameters section: CausingEntityPatch

    You could also enable job history if you want to log everything:
    Processes Not Appearing in Job History

    You could also add a script step to make an "EntityPatch" of the "Entity" object in the process
    Value = EntityPatch.Create(Entity, Session.MetaData(), DiffMode.AllContent).ToXml()
    or Value = EntityPatch.Create(Entity, Session.MetaData(), DiffMode.Changed).ToXml()
    and make you own value compare script/logger.

    HtH
    Niels

Reply
  • Hello DK,

    Maybe your are already doing this but in your scenario i would use a "default" user account with no extra permissions this wil give you 95% visibility in AD
    and should be enough to run a sync without the risk of someone removing the read-only option on the sync project.

    You will find the old vs new values of an object in the jobqueue click on the frozen AdHocProjection job step and see the Parameters section: CausingEntityPatch

    You could also enable job history if you want to log everything:
    Processes Not Appearing in Job History

    You could also add a script step to make an "EntityPatch" of the "Entity" object in the process
    Value = EntityPatch.Create(Entity, Session.MetaData(), DiffMode.AllContent).ToXml()
    or Value = EntityPatch.Create(Entity, Session.MetaData(), DiffMode.Changed).ToXml()
    and make you own value compare script/logger.

    HtH
    Niels

Children
No Data