Help! How to manually correct the OWNER after a misReconcile.
Hi experts.
Our reconciliation policy left a gap. About 20 AD resource accounts are now CONFIRMED and OWNED by wrong IdM user accounts.
How can I correct this situation?
I try highlighting the record in Examine Account Index but I get just 2 options neither help correct this.
What I want to do is to return the AD resource account to state UNASSIGNED so it can be linked correctly.
How is it done?
I am getting stressed over this.. its an urgent situation.
[500 byte] By [
greenfan88] at [2007-11-26 7:39:44]
# 1
Assuming you have IDM 6.0:
- Login to the idm admin interface (as configurator, for example).
- Click on the accounts tab
- Click the checkbox next to the user and then select unassign
You are then taken to the user edit form. Only select unassign
on the resource account you want to fix.
- Click save.
Warning: I have not tested this. I'm actually not sure if you need
to click unassign and/or unlink.
It might help....
johni at 2007-7-6 19:44:05 >
# 2
Thanks for the reply but we have IdM 5.5
I am worried about unlinking - it sounds like it may delete the resource account.
Surely there is an easy way. What do you do when manually linking and after searching for matches you suffer a mouse slip and click the wrong link from the possibilities!
# 4
Hi,
I tried an experiment with IDM6.0:
I unlinked a resource account.
This did not delete the resource account,
but the account situation changed to FOUND.
(Beware, there may be caching issues on the user interface
so you may not see the situation change immediately).
There is now an exclamation mark in a yellow triangle
next to the user in the main accounts tab.
(At this point, from the account index, you could then right-click on
an unassigned resource accounts and specify the owner.)
When I then edited the user, a
new heading called "DISCOVERED ACCOUNTS" appears,
along with and a field below it called "accountId".
I filled the accountId field with the resource-account-id of the resource
that should belong to this user, and clicked save.
This seemed to work for me.
Again, this is IDM 6.0 but the concepts might apply to 5.5
(don't hold me responsible though!)
Do you have a test account or test environment?
Hope this helps,
John I
johni at 2007-7-6 19:44:05 >
# 6
Thanks guys.
reading the help screen tells me (in IdM 5.5) that I can manually adjust the ownership for all resource accounts that are *not* CONFIRMED. Wonderful.
So is it really so in IdM version 5.5 that to recover from a misReconcile, or a mouse slip, i.e. the case where the CONFIRMED OWNER is not correct, I must unlink the resource entry from that IdM user - so deleting the resource entry. Then restore that entry from a backup and reconcile again (with corrected policy)
# 9
yes I did,
In 5.5 you have to use the Delete menu option of the User.
i.e. Accounts -> Highlight User -> right mouse click -> Delete
On the delete screen I was able to check the unassign all resources checkbox. This fortunately does what I wanted. The first time was a bit of a nervous moment though.
GF
