Quick tip: Be careful when using the Read Created Users template from IDM 7.1 and 7.2. It seems there is a small bug in the source LDAP filter.
In the Read Created users from AD pass template the filter
reads:
(&(objectclass=user)(uSNChanged>=$FUNCTION.GetCreate()$$))
However it should read:
(&(objectcategory=user)(uSNCreated>=$FUNCTION.GetCreate()$$))
Fortunately, this is an easy fix. Found this on a recent project where we needed to gather all newly created users for some processing but found that we were gathering too many users. After a little investigation we found the problem and fixed it.
No comments:
Post a Comment