To use reverse synchronization on an attribute in an endpoint account, you first map it to an attribute visible in the User Console. Some attributes, such as account name and password, are mapped by default. Other attributes are not mapped. For example, the Active Directory attribute group membership is not mapped. For some endpoint types, no attributes are mapped.
To check if the attribute can be mapped
You cancel the policy because you are only using it now to check which attributes can be mapped.
Important! You can manage certain attributes only by native tools on the endpoint. So if an endpoint user modifies this type of attribute, the reverse event fails when the reverse synchronization policy is triggered. However, changes to other attributes in that reverse event are not reversed. Therefore, avoid mapping attributes that can only be managed on the endpoint.
To map endpoint attributes for reverse synchronization
You can use the same custom attribute (CustomField 10 in our example) for all attributes you want to manage.
To create baseline values for this endpoint
Once all values for an endpoint are mapped, you explore the endpoint. For this operation, you disable inbound notification and enable it after the explore completes. Disabling notification eliminates notifications that are unnecessary. Otherwise, every account that has values on the new attributes would generate a notification during the explore operation.
Choose an explore and correlate definition that has correlation deselected.
This action repopulates the user store attributes with the new endpoint attribute data. This task may take a while if the endpoint is large.
At the next explore and correlate operation for that endpoint, modify account notifications are generated. Notifications are generated if a change occurred for an attribute that is mapped to a global user attribute and a policy applies to that attribute.
Copyright © 2013 CA.
All rights reserved.
|
|