Please let me ask a question.
I am synchronizing SQL Server objects to AD using ILM 2007.
<Purpose>
A: When a user is deleted from SQL, I would like to perform the following processing:
1. UserAccountControl = 514;
2. DN="OU=RetiredUser,OU=UserOU,DC=local.DC=com";
B: A join should be made when a user with the same samAccountName is created in SQL.
<What I tried>
1. Deprovision coding -> the MV object is deleted -> B cannot be done
2. Provision coding -> userAccountControl is read-only -> A cannot be done
#System.InvalidOperationException: attribute userAccountControl is read-only
--------------------
void IMVSynchronization.Provision (MVEntry mventry)
{
    ConnectedMA ma = mventry.ConnectedMAs["ADMA"];
    int ADMAconnect = ma.Connectors.Count;
    int SQLconnect = mventry.ConnectedMAs["SQL_User_MA"].Connectors.Count;

    // The SQL connector is gone but the AD connector still exists.
    if (SQLconnect == 0 && ADMAconnect == 1)
    {
        CSEntry csentry = ma.Connectors.ByIndex[0];

        // Moves the disabled user account to another container.
        string container = "OU=RetiredUser,OU=UserOU,DC=local.DC=com";
        string rdn = "CN=" + csentry["samAccountName"].Value;
        //csentry["userAccountControl"].Value = "514"; <error point>
        ReferenceValue dn = ma.EscapeDNComponent(rdn).Concat(container);
        csentry.DN = dn;
        //throw new UnexpectedDataException(rdn);
    }
}
-------------------
3. Rules extension coding under ADMA > Attribute Flow.
But a user deleted from the DB does not pass through the export rule.
-------------------
void IMASynchronization.MapAttributesForExport (string FlowRuleName, MVEntry mventry, CSEntry csentry)
{
    if (FlowRuleName == "UAC")
    {
        //throw new EntryPointNotImplementedException(temp);
        if (mventry.ConnectedMAs["SQL_User_MA"].Connectors.Count == 0)
        {
            // No SQL connector: export 514.
            csentry["userAccountControl"].Value = "514";
        }
        else
        {
            // SQL connector present: export the metaverse value.
            csentry["userAccountControl"].Value = mventry["userAccountControl"].Value;
        }
    }
}
-------------------
I am very troubled by this.
Is there a good way to do it?
I would be grateful for any advice.