Hi,


Issue summary: The CN of a user account created in AD from the IDM side is
getting renamed, while the SamAccountName remains unchanged.

For example: User CN in IDM -> admFirstName.LastName
User CN in AD -> FirstName LastName
SamAccountName in AD -> admFirstName.LastName

Key points:
- The user is created using a workflow, and some default roles are assigned
at the time of creation.
- The user is initially created with the correct naming convention in both
IDM and AD.
- After some time, with a modify event from the AD driver, the user CN in the AD
system gets renamed. The AD log snippet is shown below:

[05/10/16 02:55:43.172]:AD ST:Submitting document to subscriber shim:
[05/10/16 02:55:43.173]:AD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.0.2.5">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<modify class-name="user" event-id="Active Directory
Driver##15499732cd1##0" from-merge="true"
qualified-src-dn="O=xxx\CN=admSnow01.White01"
src-dn="xxx\admSnow01.White01" src-entry-id="116527">
<association>e1d77789b87b794ca4274327d57a3cbc</association>
<modify-attr attr-name="dirxml-uACAccountDisable">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="memberOf">
<remove-all-values/>
</modify-attr>
<modify-attr attr-name="nrfMemberOf">
<remove-all-values/>
<add-value>
<value timestamp="1462863213#67"
type="dn">\yyy\1022-ROL-PPRVACT-PRD</value>
<value timestamp="1462863214#3"
type="dn">\yyy\1012_ROL_GlobApp_PRD</value>
</add-value>
</modify-attr>
<modify-attr attr-name="displayName">
<remove-all-values/>
<add-value>
<value timestamp="1462863213#42" type="string">Snow01
White01</value>
</add-value>
</modify-attr>
</modify>
<modify-password class-name="user" event-id="pwd-subscribe"
qualified-src-dn="O=xxx\CN=admSnow01.White01"
src-dn="xxx\admSnow01.White01" src-entry-id="116527">
<association>e1d77789b87b794ca4274327d57a3cbc</association>
<password><!-- content suppressed --></password>
<operation-data>
<password-subscribe-status>
<association>e1d77789b87b794ca4274327d57a3cbc</association>
</password-subscribe-status>
</operation-data>
</modify-password>
<rename class-name="user" event-id="Active Directory
Driver##15499732cd1##0" qualified-src-dn="O=xxx\CN=admSnow01.White01"
src-dn="xxx\admSnow01.White01" src-entry-id="116527">
<association>e1d77789b87b794ca4274327d57a3cbc</association>
<new-name>Snow01 White01</new-name>
</rename>
</input>
</nds>



Can someone help me identify the cause of this and handle such a case?


Thanks in advance!


--
neha_gupta
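A way to spot this pattern in captured trace documents, as an added example that is not part of the original post: it parses an XDS document like the one above and reports every `<rename>` whose `<new-name>` differs from the CN in `src-dn`, noting whether the new name equals the displayName written in the same document and whether the accompanying modify was flagged `from-merge`. The function names and the trimmed sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the trace from the post, trimmed to the relevant elements.
SAMPLE = r"""<nds dtdversion="4.0" ndsversion="8.x"><input>
<modify class-name="user" from-merge="true" src-dn="xxx\admSnow01.White01">
  <association>e1d77789b87b794ca4274327d57a3cbc</association>
  <modify-attr attr-name="displayName"><remove-all-values/>
    <add-value><value type="string">Snow01
White01</value></add-value>
  </modify-attr>
</modify>
<rename class-name="user" src-dn="xxx\admSnow01.White01">
  <association>e1d77789b87b794ca4274327d57a3cbc</association>
  <new-name>Snow01 White01</new-name>
</rename>
</input></nds>"""


def squash(text):
    """Collapse whitespace so line-wrapped trace values compare equal."""
    return " ".join((text or "").split())


def find_cn_renames(xds_text):
    """Report each <rename> whose <new-name> differs from the CN in src-dn."""
    findings = []
    for inp in ET.fromstring(xds_text).iter("input"):
        display, merged = {}, set()
        for mod in inp.findall("modify"):
            assoc = squash(mod.findtext("association"))
            if mod.get("from-merge") == "true":
                merged.add(assoc)
            for attr in mod.findall("modify-attr"):
                if attr.get("attr-name") == "displayName":
                    for value in attr.iter("value"):
                        display[assoc] = squash(value.text)
        for ren in inp.findall("rename"):
            assoc = squash(ren.findtext("association"))
            old_cn = ren.get("src-dn", "").rsplit("\\", 1)[-1]
            new_name = squash(ren.findtext("new-name"))
            if new_name != old_cn:
                findings.append({
                    "association": assoc, "old_cn": old_cn, "new_name": new_name,
                    "matches_display_name": display.get(assoc) == new_name,
                    "from_merge": assoc in merged,
                })
    return findings


if __name__ == "__main__":
    for finding in find_cn_renames(SAMPLE):
        print(finding)
```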