Active Directory
A set of directory-based technologies included in Windows Server.
6,801 questions
Successfactors to active directory user provisioning
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 7.000000000000001%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFI%3C/text%3E%3C/svg%3E)
france indo
0
Reputation points
I have an issue with the integration Successfactors to active directory user provisioning.
The attribute personalIdExternal is mapped with employeeId and set to match AD objects using this attribute. However, even I clear the employeeId attribute, the provisioning still updates the AD user.. how the mapping could be done without employeeId (cleared)? It means that entra app could identify the target user without the matching attribute but which attribute was used to?
Here is an example of the issue :
- AD user 1 > Jane SMITH
- AD user 2 > John DOE
In SuccessFactors : Jane SMITH doesn't exist only John DOE exists.
In AD (on-prem) : both accounts have been manually created. I am trying to match John DOE (SuccessFactors) to John DOE (AD), I set employeeId same with his personalIdExternal but when I provision on demand, Jane SMITH is updated in AD (with John DOE's data) and not John DOE.
If I delete Jane SMITH's AD account it ll fix the issue but I can delete it because its an active user with mailbox...
I confirm :
- I didn't set another matching attribute & the change has been replicated to all DCs.
- I tried with scoping filtrer, it excludes Jane SMITH but John DOE is not updated.
Sign in to answer