Users leave a set but are still being affected by the Sync Rules...

I have a number of Sync Rules set up to write txt files that are sent to external partners.

Each one is set up with an MPR and Workflow and they all feed from the same Set that looks for a group of attributes, one being if the user is Active or Terminated.

If a user is Terminated, they are no longer a member of the set.

The issue is that the ERL is not getting updated. Therefore the T users are still getting exported.

Example:

A1-MPR

Type: Set Transition

Transition Set: A1Users-Set

Transition Type: Transition In

Action Workflow: A1Users-Workflow

A1Users-Workflow

Workflow Type: Action

Run On Policy Update: enabled

Activities: Add the target Resource to the Sync Rule A1Users-SyncRule

Action Selection: Add

A1Users-SyncRule

Data Flow: Outbound

MV Type: person

Ext System: A1Users.CSV

Ext Type: Person

Create resource in external system: yes

Enable Deprovisioning: yes

Outbound attribute flow: yadda yadda yadda

Question: Do I need a separate MPR and Workflow to REMOVE these users from the Sync Rules being affected?

September 5th, 2014 12:05pm

You should either create such an MPR or (better) create mechanics that would delete the ERE and DRE once they are applied and not needed after. Depends on what this SR does.

It simplifies your environment and you would synchronize less objects - so it would be f

September 5th, 2014 1:17pm

The files need to be generated each day.

Since I am using the file MA, I have a dummy file that is read after the export with a single user in it so that the connector space is cleared each time.

Therefore, as long as a user is A (Active), they are relevant to be exported as part of this MA and the assigned SR.

I have set up an MPR and Workflow that will hopefully address this. I have actually done two, one that is tied to users who Transition Out of my trigger set and I have the workflow set to address some of my SRs (SR1-3). I made a second one tied to a new set just for T (Terminated) users that is a Transition In and tied to a workflow that will remove the users from another set of SRs (SR 4-6).

Seems like two ways to do the same thing, but I want to see if one works better than the other.

I am not familiar with what you mean by "create mechanics" to delete the ERE and DRE. Can you expand or point me toward an article/blog?

Thank you!

-Fred

September 5th, 2014 1:29pm

Question: Do I need a separate MPR and Workflow to REMOVE these users from the Sync Rules being affected?

Do you have an equivalent WF and MPR which removes the Sync Rule? If not, then you should have one. Just like you have a workflow which adds the Sync Rule, make another one which removes the Sync Rule. Then make another MPR, which is based on a Transition Out, and run this workflow whenever the user transitions out from this set.


September 8th, 2014 4:53am

  • Edited by kmittal82 Monday, September 08, 2014 8:52 AM
  • Marked as answer by Fred Buecker - AE Tuesday, September 09, 2014 4:53 PM
September 8th, 2014 11:51am
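
A way to check whether the removal MPR and workflow described in this thread are actually working, added here as an example and not posted by any participant: the script lists users who are no longer in A1Users-Set but still reference an ERE for A1Users-SyncRule in their ExpectedRulesList. It assumes the FIMAutomation snap-in is installed on the machine running it; the service URI is a placeholder, and the function and variable names are made up for this example.

```powershell
# Added example: audit for stale ExpectedRuleEntry (ERE) references.
# Assumption: FIMAutomation snap-in is available; $Uri is a placeholder.
Add-PSSnapin FIMAutomation -ErrorAction SilentlyContinue

$Uri      = 'http://localhost:5725/ResourceManagementService'  # placeholder
$SetName  = 'A1Users-Set'        # set name from the thread
$RuleName = 'A1Users-SyncRule'   # sync rule name from the thread

# Hypothetical helper: run an XPath filter against the FIM Service and
# return ObjectID / DisplayName for each matching resource.
function Get-FimResource([string]$Filter) {
    Export-FIMConfig -Uri $Uri -CustomConfig $Filter -OnlyBaseResources |
        ForEach-Object {
            $h = @{}
            foreach ($a in $_.ResourceManagementObject.ResourceManagementAttributes) {
                if (-not $a.IsMultiValue) { $h[$a.AttributeName] = $a.Value }
            }
            New-Object PSObject -Property @{
                ObjectID    = $h['ObjectID']
                DisplayName = $h['DisplayName']
            }
        }
}

# Current members of the trigger set.
$members = Get-FimResource "/Set[DisplayName='$SetName']/ComputedMember"

# Persons whose ExpectedRulesList points at an ERE for the sync rule.
$withEre = Get-FimResource ("/Person[ExpectedRulesList = /ExpectedRuleEntry" +
    "[SynchronizationRuleID = /SynchronizationRule[DisplayName='$RuleName']]]")

# Index set members by ObjectID, then keep only ERE holders outside the set.
$memberIds = @{}
foreach ($m in $members) { $memberIds[$m.ObjectID] = $true }
$stale = @($withEre | Where-Object { -not $memberIds.ContainsKey($_.ObjectID) })

$stale | Sort-Object DisplayName | Format-Table DisplayName, ObjectID -AutoSize
"{0} user(s) outside {1} still have an ERE for {2}" -f $stale.Count, $SetName, $RuleName
```

A non-zero count after the removal workflow has run means terminated users are still in scope for the partner export.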

This topic is archived. No further replies will be accepted.
