How to update User email address after AD Reconciliation
Problem Scenario:
Users are fed into ITIM without email addresses.
AD Accounts are provisioned for these users via ITIM, and once they’ve been
created in AD, the email addresses are generated (automatically done by
Exchange).
Since ITIM needs valid email addresses on Users, in order to properly send
notifications, these email addresses somehow have to be pushed back to the User
records in ITIM.
Solution:
Basics:
1. Create a custom (non-static) Person operation that:
a. Finds the User’s AD Account
b. Retrieves the email address from the ADAccount
c. Modifies the User’s ‘mail’ attribute with this value
2. Create a Person Life Cycle Rule that:
a. Filters for Users with no ‘mail’ value
b. Executes the custom operation (created above) against the Users
returned by the filter.
Details:
Create custom Operation
1. Login to ITIM admin console with and administrator ID
2. navigate to Configure System > Manage Operations
3. Select Entity level > Person > Person (or whatever Person type you want
updated)
4. Click Add…
5. Click the Properties button
6. Select the “Non Static” radio button, then click Ok
7. Add a Script node after the Start node.
8. Enter an Activity ID (example: getEmail)
9. Enter a script in the JavaScript box, similar to this:
var person = Entity.get();
var accts = person.getProperty('account');
if(accts != null && accts.length > 0){
for(i=0;i<accts.length;i++){
var emailArr = accts[i].getProperty('erADESMTPEmail');
if(emailArr != null && emailArr.length > 0 ){
var email = emailArr[0];
person.setProperty('mail',email);
Entity.set(person);
break;
}
}
}
The script above does the following:
Line 1: gets the Person object (called “Entity”)
Line 2: gets an Array of all the account objects this Person owns
Line 3: checks to make sure the Array is not empty
Line 4: iterates through the Array of accounts
Line 5: attempts to get the value (Array) of the ‘erADESMTPEmail’ attribute
(this also tells us if the account is an ADAccount, since this attribute is unique to
ADAccounts)
Line 6: check to make sure the erADESMTPEmail Array is not empty
Line 7: if the Array is not empty, we retrieve the first value from the Array
(erADESMTPEmail is a single value attribute, so if the Array is not empty,
there should only be one value).
Line 8: we set the value from ‘erADESMTPEmail’, on to the ‘mail’ attribute for
the variable we’re using for the User (‘person’)
Line 9: we pass the modified User object back to the ‘Entity’ relevant data item
(so the object will have our modification when we use it later in the Operation)
Line 10: breaks out of the for loop (so we don’t use up resources iterating
through any of the User’s other accounts).
10. Add an Extension node after the Script node
11. Enter an Activity ID (example: setEmail)
12. Select “modifyPerson(Person personIn)” in the Extension Name
dropdown list
13. Set “Entity” as personIn (in Input Parameters) and as personOut (in
Output Parameters)
14. Click Ok
15. Connect the Start node to the Script (getEmail) node
16. Connect to the Script (getEmail) node to the Extension (setEmail) node
17. Connect the Extension (setEmail) node to the End node.
18. Click Ok to save the Operation.
Create Life Cycle Rule
19. Navigate to Configure System > Manage Life Cycle Rules
20. Select Entity level > Person > Person (or whatever Person type you need
updated by the operation)
21. Click the Add… button
22. Enter a Name, and Description (Description is optional)
23. Select your custom operation from the Operation dropdown list (NOTE: if
your custom operation is not in this list, you either selected the wrong
Entity type OR you did not select “Non Static” when you created your
Operation….see step 6 above)
24. Select the Event tab
25. Enter a filter that will return the Users you want the Operation executed
against
example: in order to return all Users that do not yet have an email address:
(!(mail=*))
26. Create a schedule to run this Life Cycle Rule (optional)
27. Click Ok
28. You can manually run your Life Cycle Rule from the Manage Life Cycle
Rules page, or let your Rules run via schedules.