sivaramtm Super Contributor.
Super Contributor.
652 views

How to sync extensionAttributes from IDM to Active Directory

Hi,

We have a requirement to update couple of IDM attributes to Active Directory extensionAttribute8,9. I did the schema mapping and added the IDM attributes into filter. After that i have used add destniation attribute like below to add these attributes to AD. There are no errors in the log but the Groups Object is not getting created. Please help.

<do-add-dest-attr-value class-name="Group" direct="true" name="extensionAttribute9">
<arg-dn>
<token-local-variable name="lvPIMADGrp"/>
</arg-dn>
<arg-value type="string">
<token-op-attr name="PIMBusinessService"/>
</arg-value>
</do-add-dest-attr-value>

Schema mapping

Schema mapping
non-class-specific mapping
extensionAttribute8 -- PIMContract

extensionAttribute9 -- PIMBusinessService

Regards
Siva ram T
Labels (1)
0 Likes
15 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

On 04/15/2019 06:34 AM, sivaramtm wrote:
>
> We have a requirement to update couple of IDM attributes to Active
> Directory extensionAttribute8,9. I did the schema mapping and added the
> IDM attributes into filter. After that i have used add destniation
> attribute like below to add these attributes to AD. There are no errors
> in the log but the Groups Object is not getting created. Please help.


You mentioned there are no errors in the log; the logs are not useful for
finding things like this, and instead you should be using trace files
(always) for troubleshooting. If you indeed have and meant trace files,
please post them here, at least at level three (3) tracing, at least from
the engine side.

> <do-add-dest-attr-value class-name="Group" direct="true"
> name="extensionAttribute9">
> <arg-dn>
> <token-local-variable name="lvPIMADGrp"/>
> </arg-dn>
> <arg-value type="string">
> <token-op-attr name="PIMBusinessService"/>
> </arg-value>
> </do-add-dest-attr-value>


Having this rule somewhere is one thing, but where did you put it in the
channel? Was it on the Subscriber channel, I presume? Also, unless you
caused an event on an appropriate object, this rule may never fire, so did
you cause an event that would cause it to fire? The trace will show all
of this.

> Schema mapping
>
> Schema mapping
> non-class-specific mapping
> extensionAttribute8 -- PIMContract
> extensionAttribute9 -- PIMBusinessService


These are probably fine, but do not really matter until we get over the
initial hurdles mentioned above, though once those are done having these
details will be useful, so thanks for sharing all you did.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
sivaramtm Super Contributor.
Super Contributor.

Re: How to sync extensionAttributes from IDM to Active Direc

Hi,

Log with trace level 10.

[04/15/19 14:19:09.566]:InternalAD ST:type(add-entry)entry-id(554745) dn(\T=BBCIDV\O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1) class-id(2318) class-name(nrfRole)
[04/15/19 14:19:09.566]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=BBCPIMContract, string=en~testbus1|da~testbus1
[04/15/19 14:19:09.566]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=CN, string=testbus1
[04/15/19 14:19:09.566]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=nrfLocalizedDescrs, string=en~testbus1|da~testbus1
[04/15/19 14:19:09.566]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=BBCPIMBusinessService, string=en~testbus1|da~testbus1
[04/15/19 14:19:09.566]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=nrfLocalizedNames, string=en~testbus1|da~testbus1
[04/15/19 14:19:09.566]:InternalAD ST:Processing events for transaction.
[04/15/19 14:19:09.566]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190415121909.534Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745" timestamp="1555330749#16">
<add-attr attr-name="BBCPIMContract">
<value timestamp="1555330749#5" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1555330749#16" type="string">testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555330749#3" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value timestamp="1555330749#9" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555330749#4" type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:09.597]:InternalAD ST:Applying event transformation policies.
[04/15/19 14:19:09.597]:InternalAD ST:Applying policy: %+C%14CRemove Role and resource%-C.
[04/15/19 14:19:09.597]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:09.597]:InternalAD ST: Evaluating selection criteria for rule 'Veto add event for ShareDrive'.
[04/15/19 14:19:09.613]:InternalAD ST: (if-class-name equal "BBCADShareDrive") = FALSE.
[04/15/19 14:19:09.613]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.613]:InternalAD ST: Evaluating selection criteria for rule 'Veto Modify event for ShareDrive'.
[04/15/19 14:19:09.613]:InternalAD ST: (if-class-name equal "BBCADShareDrive") = FALSE.
[04/15/19 14:19:09.613]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.613]:InternalAD ST: Evaluating selection criteria for rule 'Remove ADGroup Resource Role for Share drive'.
[04/15/19 14:19:09.629]:InternalAD ST: (if-class-name equal "BBCADShareDrive") = FALSE.
[04/15/19 14:19:09.629]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.629]:InternalAD ST:Policy returned:
[04/15/19 14:19:09.629]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190415121909.534Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745" timestamp="1555330749#16">
<add-attr attr-name="BBCPIMContract">
<value timestamp="1555330749#5" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1555330749#16" type="string">testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555330749#3" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value timestamp="1555330749#9" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555330749#4" type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:09.676]:InternalAD ST:Applying policy: %+C%14CDelete_Event%-C.
[04/15/19 14:19:09.676]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:09.691]:InternalAD ST: Evaluating selection criteria for rule 'veto Delete Event Subscriber'.
[04/15/19 14:19:09.691]:InternalAD ST: (if-operation equal "delete") = FALSE.
[04/15/19 14:19:09.691]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.691]:InternalAD ST: Evaluating selection criteria for rule 'Delete_Group_in_IDM'.
[04/15/19 14:19:09.691]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/15/19 14:19:09.707]:InternalAD ST: (if-operation equal "delete") = FALSE.
[04/15/19 14:19:09.707]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.707]:InternalAD ST:Policy returned:
[04/15/19 14:19:09.707]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190415121909.534Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745" timestamp="1555330749#16">
<add-attr attr-name="BBCPIMContract">
<value timestamp="1555330749#5" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1555330749#16" type="string">testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555330749#3" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value timestamp="1555330749#9" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555330749#4" type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:09.738]:InternalAD ST:Applying policy: %+C%14CUnlock AD Account%-C.
[04/15/19 14:19:09.738]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:09.738]:InternalAD ST: Evaluating selection criteria for rule 'Unlock AD user accounts if BBCadunlock is set to true'.
[04/15/19 14:19:09.738]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/15/19 14:19:09.738]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.738]:InternalAD ST:Policy returned:
[04/15/19 14:19:09.738]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190415121909.534Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745" timestamp="1555330749#16">
<add-attr attr-name="BBCPIMContract">
<value timestamp="1555330749#5" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1555330749#16" type="string">testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555330749#3" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value timestamp="1555330749#9" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555330749#4" type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:09.801]:InternalAD ST:Applying policy: %+C%14CVeto modify event for deleted users if modified in IDM%-C.
[04/15/19 14:19:09.801]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:09.801]:InternalAD ST: Evaluating selection criteria for rule 'Veto modify event for deleted users if modified in IDM'.
[04/15/19 14:19:09.801]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/15/19 14:19:09.801]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.801]:InternalAD ST:Policy returned:
[04/15/19 14:19:09.801]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190415121909.534Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745" timestamp="1555330749#16">
<add-attr attr-name="BBCPIMContract">
<value timestamp="1555330749#5" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1555330749#16" type="string">testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555330749#3" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value timestamp="1555330749#9" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555330749#4" type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:09.847]:InternalAD ST:Applying policy: %+C%14CDelete user in AD if disabled for long time%-C.
[04/15/19 14:19:09.863]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:09.863]:InternalAD ST: Evaluating selection criteria for rule 'Delete user in AD if disabled for long time - Flag set by workflow'.
[04/15/19 14:19:09.863]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/15/19 14:19:09.863]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.863]:InternalAD ST: Evaluating selection criteria for rule 'delete leaf objects of a user container'.
[04/15/19 14:19:09.863]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/15/19 14:19:09.879]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.879]:InternalAD ST: Evaluating selection criteria for rule 'delete leaf objects of a user container - modified'.
[04/15/19 14:19:09.879]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/15/19 14:19:09.879]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.879]:InternalAD ST: Evaluating selection criteria for rule 'delete leaf objects of a user container-2'.
[04/15/19 14:19:09.879]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/15/19 14:19:09.894]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.894]:InternalAD ST: Evaluating selection criteria for rule 'Child Object Test'.
[04/15/19 14:19:09.894]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/15/19 14:19:09.894]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.894]:InternalAD ST:Policy returned:
[04/15/19 14:19:09.894]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190415121909.534Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745" timestamp="1555330749#16">
<add-attr attr-name="BBCPIMContract">
<value timestamp="1555330749#5" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="CN">
<value timestamp="1555330749#16" type="string">testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555330749#3" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value timestamp="1555330749#9" type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555330749#4" type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:09.910]:InternalAD ST:Applying policy: %+C%14CAllow or veto role add events%-C.
[04/15/19 14:19:09.910]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:09.910]:InternalAD ST: Evaluating selection criteria for rule 'Veto if not a AD Role add event'.
[04/15/19 14:19:09.926]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/15/19 14:19:09.926]:InternalAD ST: (if-operation equal "add") = TRUE.
[04/15/19 14:19:09.926]:InternalAD ST: (if-src-dn not-in-container "system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level20\ADRoles") = TRUE.
[04/15/19 14:19:09.926]:InternalAD ST: (if-src-dn not-in-subtree "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM") = FALSE.
[04/15/19 14:19:09.941]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.941]:InternalAD ST: Evaluating selection criteria for rule 'Create group if ADD role is created in IDM'.
[04/15/19 14:19:09.941]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/15/19 14:19:09.941]:InternalAD ST: (if-src-dn in-container "system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level20\ADRoles") = FALSE.
[04/15/19 14:19:09.957]:InternalAD ST: Rule rejected.
[04/15/19 14:19:09.957]:InternalAD ST: Evaluating selection criteria for rule 'Create PIM Group if ADD role is created in IDM'.
[04/15/19 14:19:09.957]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/15/19 14:19:09.957]:InternalAD ST: (if-src-dn in-subtree "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM") = TRUE.
[04/15/19 14:19:09.972]:InternalAD ST: Rule selected.
[04/15/19 14:19:09.972]:InternalAD ST: Applying rule 'Create PIM Group if ADD role is created in IDM'.
[04/15/19 14:19:09.972]:InternalAD ST: Action: do-set-local-variable("lv_Pim_sbcnt",scope="policy",token-substring(start="83",token-src-dn())).
[04/15/19 14:19:09.972]:InternalAD ST: arg-string(token-substring(start="83",token-src-dn()))
[04/15/19 14:19:09.972]:InternalAD ST: token-substring(start="83",token-src-dn())
[04/15/19 14:19:09.988]:InternalAD ST: token-substring(start="83",token-src-dn())
[04/15/19 14:19:09.988]:InternalAD ST: token-src-dn()
[04/15/19 14:19:09.988]:InternalAD ST: Token Value: "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1".
[04/15/19 14:19:09.988]:InternalAD ST: Arg Value: "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1".
[04/15/19 14:19:10.004]:InternalAD ST: Token Value: "\Prod\Onsite-Access\testbus1".
[04/15/19 14:19:10.004]:InternalAD ST: Arg Value: "\Prod\Onsite-Access\testbus1".
[04/15/19 14:19:10.004]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADcnt",scope="policy",token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))).
[04/15/19 14:19:10.004]:InternalAD ST: arg-string(token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt")))
[04/15/19 14:19:10.004]:InternalAD ST: token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))
[04/15/19 14:19:10.004]:InternalAD ST: token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))
[04/15/19 14:19:10.004]:InternalAD ST: token-local-variable("lv_Pim_sbcnt")
[04/15/19 14:19:10.004]:InternalAD ST: Token Value: "\Prod\Onsite-Access\testbus1".
[04/15/19 14:19:10.019]:InternalAD ST: Arg Value: "\Prod\Onsite-Access\testbus1".
[04/15/19 14:19:10.019]:InternalAD ST: Token Value: "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
[04/15/19 14:19:10.019]:InternalAD ST: Arg Value: "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
[04/15/19 14:19:10.019]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADcntfinal",scope="policy",arg-node-set(token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt")))).
[04/15/19 14:19:10.019]:InternalAD ST: arg-node-set(token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt")))
[04/15/19 14:19:10.019]:InternalAD ST: token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt"))
[04/15/19 14:19:10.019]:InternalAD ST: token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt"))
[04/15/19 14:19:10.019]:InternalAD ST: token-local-variable("lv_Pim_ADcnt")
[04/15/19 14:19:10.019]:InternalAD ST: Token Value: "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
[04/15/19 14:19:10.019]:InternalAD ST: Arg Value: "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
[04/15/19 14:19:10.019]:InternalAD ST: Token Value: {"",",OU=Prod",",OU=Onsite-Access",",OU=testbus1"}.
[04/15/19 14:19:10.035]:InternalAD ST: Arg Value: {"",",OU=Prod",",OU=Onsite-Access",",OU=testbus1"}.
[04/15/19 14:19:10.035]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADenvcnt",scope="policy",token-xpath("string($lv_Pim_ADcntfinal[2])")).
[04/15/19 14:19:10.035]:InternalAD ST: arg-string(token-xpath("string($lv_Pim_ADcntfinal[2])"))
[04/15/19 14:19:10.035]:InternalAD ST: token-xpath("string($lv_Pim_ADcntfinal[2])")
[04/15/19 14:19:10.035]:InternalAD ST: Token Value: ",OU=Prod".
[04/15/19 14:19:10.035]:InternalAD ST: Arg Value: ",OU=Prod".
[04/15/19 14:19:10.035]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADOFON",scope="policy",token-xpath("string($lv_Pim_ADcntfinal[3])")).
[04/15/19 14:19:10.053]:InternalAD ST: arg-string(token-xpath("string($lv_Pim_ADcntfinal[3])"))
[04/15/19 14:19:10.053]:InternalAD ST: token-xpath("string($lv_Pim_ADcntfinal[3])")
[04/15/19 14:19:10.053]:InternalAD ST: Token Value: ",OU=Onsite-Access".
[04/15/19 14:19:10.066]:InternalAD ST: Arg Value: ",OU=Onsite-Access".
[04/15/19 14:19:10.066]:InternalAD ST: Action: do-set-local-variable("lvPIMADGrp",scope="policy","CN="+token-src-attr("CN")+token-local-variable("lv_Pim_ADOFON")+token-local-variable("lv_Pim_ADenvcnt")+",OU=PIM,DC=idmdev,DC=BBC,DC=dk").
[04/15/19 14:19:10.082]:InternalAD ST: arg-string("CN="+token-src-attr("CN")+token-local-variable("lv_Pim_ADOFON")+token-local-variable("lv_Pim_ADenvcnt")+",OU=PIM,DC=idmdev,DC=BBC,DC=dk")
[04/15/19 14:19:10.082]:InternalAD ST: token-text("CN=")
[04/15/19 14:19:10.082]:InternalAD ST: token-src-attr("CN")
[04/15/19 14:19:10.097]:InternalAD ST: Query from policy
[04/15/19 14:19:10.097]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="nrfRole" dest-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" dest-entry-id="554745" scope="entry">
<read-attr attr-name="CN"/>
</query>
</input>
</nds>
[04/15/19 14:19:10.113]:InternalAD ST: Pumping XDS to eDirectory.
[04/15/19 14:19:10.113]:InternalAD ST: Performing operation query for \BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1.
[04/15/19 14:19:10.113]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Duplicating : context = 660668580, tempContext = 660668612
[04/15/19 14:19:10.129]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Calling free on tempContext = 660668612
[04/15/19 14:19:10.129]:InternalAD ST: Query from policy result
[04/15/19 14:19:10.129]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="nrfRole" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745">
<attr attr-name="CN">
<value naming="true" timestamp="1555330749#16" type="string">testbus1</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[04/15/19 14:19:10.129]:InternalAD ST: Token Value: "testbus1".
[04/15/19 14:19:10.129]:InternalAD ST: token-local-variable("lv_Pim_ADOFON")
[04/15/19 14:19:10.129]:InternalAD ST: Token Value: ",OU=Onsite-Access".
[04/15/19 14:19:10.129]:InternalAD ST: token-local-variable("lv_Pim_ADenvcnt")
[04/15/19 14:19:10.129]:InternalAD ST: Token Value: ",OU=Prod".
[04/15/19 14:19:10.129]:InternalAD ST: token-text(",OU=PIM,DC=idmdev,DC=BBC,DC=dk")
[04/15/19 14:19:10.129]:InternalAD ST: Arg Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.129]:InternalAD ST: Action: do-add-dest-object(class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp"))).
[04/15/19 14:19:10.129]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/15/19 14:19:10.129]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/15/19 14:19:10.129]:InternalAD ST: Token Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.144]:InternalAD ST: Arg Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.144]:InternalAD ST: Action: do-add-dest-attr-value("samAccountName",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-src-attr("CN")).
[04/15/19 14:19:10.144]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/15/19 14:19:10.144]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/15/19 14:19:10.144]:InternalAD ST: Token Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.144]:InternalAD ST: Arg Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.144]:InternalAD ST: arg-string(token-src-attr("CN"))
[04/15/19 14:19:10.144]:InternalAD ST: token-src-attr("CN")
[04/15/19 14:19:10.144]:InternalAD ST: Token Value: "testbus1".
[04/15/19 14:19:10.144]:InternalAD ST: Arg Value: "testbus1".
[04/15/19 14:19:10.144]:InternalAD ST: Action: do-set-local-variable("LVRDECS",scope="policy",token-src-attr("nrfLocalizedDescrs")).
[04/15/19 14:19:10.144]:InternalAD ST: arg-string(token-src-attr("nrfLocalizedDescrs"))
[04/15/19 14:19:10.144]:InternalAD ST: token-src-attr("nrfLocalizedDescrs")
[04/15/19 14:19:10.144]:InternalAD ST: Query from policy
[04/15/19 14:19:10.144]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="nrfRole" dest-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" dest-entry-id="554745" scope="entry">
<read-attr attr-name="nrfLocalizedDescrs"/>
</query>
</input>
</nds>
[04/15/19 14:19:10.160]:InternalAD ST: Pumping XDS to eDirectory.
[04/15/19 14:19:10.160]:InternalAD ST: Performing operation query for \BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1.
[04/15/19 14:19:10.160]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Duplicating : context = 660668580, tempContext = 660668564
[04/15/19 14:19:10.160]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Calling free on tempContext = 660668564
[04/15/19 14:19:10.160]:InternalAD ST: Query from policy result
[04/15/19 14:19:10.160]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="nrfRole" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1" src-entry-id="554745">
<attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555330749#3" type="string">en~testbus1|da~testbus1</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[04/15/19 14:19:10.160]:InternalAD ST: Token Value: "en~testbus1|da~testbus1".
[04/15/19 14:19:10.160]:InternalAD ST: Arg Value: "en~testbus1|da~testbus1".
[04/15/19 14:19:10.176]:InternalAD ST: Action: do-set-local-variable("LVRDECSNew",scope="policy",token-xpath("substring-before(string($LVRDECS),'|')")).
[04/15/19 14:19:10.176]:InternalAD ST: arg-string(token-xpath("substring-before(string($LVRDECS),'|')"))
[04/15/19 14:19:10.176]:InternalAD ST: token-xpath("substring-before(string($LVRDECS),'|')")
[04/15/19 14:19:10.176]:InternalAD ST: Token Value: "en~testbus1".
[04/15/19 14:19:10.176]:InternalAD ST: Arg Value: "en~testbus1".
[04/15/19 14:19:10.176]:InternalAD ST: Action: do-set-local-variable("lv_grpdesc",scope="policy",token-substring(start="3",token-local-variable("LVRDECSNew"))).
[04/15/19 14:19:10.176]:InternalAD ST: arg-string(token-substring(start="3",token-local-variable("LVRDECSNew")))
[04/15/19 14:19:10.176]:InternalAD ST: token-substring(start="3",token-local-variable("LVRDECSNew"))
[04/15/19 14:19:10.176]:InternalAD ST: token-substring(start="3",token-local-variable("LVRDECSNew"))
[04/15/19 14:19:10.176]:InternalAD ST: token-local-variable("LVRDECSNew")
[04/15/19 14:19:10.176]:InternalAD ST: Token Value: "en~testbus1".
[04/15/19 14:19:10.176]:InternalAD ST: Arg Value: "en~testbus1".
[04/15/19 14:19:10.191]:InternalAD ST: Token Value: "testbus1".
[04/15/19 14:19:10.191]:InternalAD ST: Arg Value: "testbus1".
[04/15/19 14:19:10.191]:InternalAD ST: Action: do-add-dest-attr-value("Description",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-local-variable("lv_grpdesc")).
[04/15/19 14:19:10.191]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/15/19 14:19:10.191]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/15/19 14:19:10.191]:InternalAD ST: Token Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.191]:InternalAD ST: Arg Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.191]:InternalAD ST: arg-string(token-local-variable("lv_grpdesc"))
[04/15/19 14:19:10.191]:InternalAD ST: token-local-variable("lv_grpdesc")
[04/15/19 14:19:10.191]:InternalAD ST: Token Value: "testbus1".
[04/15/19 14:19:10.191]:InternalAD ST: Arg Value: "testbus1".
[04/15/19 14:19:10.191]:InternalAD ST: Action: do-add-dest-attr-value("extensionAttribute8",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMContract")).
[04/15/19 14:19:10.191]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/15/19 14:19:10.207]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.207]:InternalAD ST: arg-string(token-op-attr("BBCPIMContract"))
[04/15/19 14:19:10.207]:InternalAD ST: token-op-attr("BBCPIMContract")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value: "en~testbus1|da~testbus1".
[04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "en~testbus1|da~testbus1".
[04/15/19 14:19:10.207]:InternalAD ST: Action: do-add-dest-attr-value("extensionAttribute9",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMBusinessService")).
[04/15/19 14:19:10.207]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/15/19 14:19:10.207]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.207]:InternalAD ST: arg-string(token-op-attr("BBCPIMBusinessService"))
[04/15/19 14:19:10.207]:InternalAD ST: token-op-attr("BBCPIMBusinessService")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value: "en~testbus1|da~testbus1".
[04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "en~testbus1|da~testbus1".
[04/15/19 14:19:10.207]:InternalAD ST: Action: do-send-email-from-template(notification-dn="Security\Default Notification Collection",template-dn="Security\Default Notification Collection\test-mail-PIM-AD-Group-Creation","zrm@BBC.dk",token-local-variable("lvPIMADGrp"),token-attr("CN")).
[04/15/19 14:19:10.207]:InternalAD ST: cc("zrm@BBC.dk")
[04/15/19 14:19:10.207]:InternalAD ST: token-text("zrm@BBC.dk")
[04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "zrm@BBC.dk".
[04/15/19 14:19:10.207]:InternalAD ST: sourcedn(token-local-variable("lvPIMADGrp"))
[04/15/19 14:19:10.207]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.207]:InternalAD ST: groupname(token-attr("CN"))
[04/15/19 14:19:10.207]:InternalAD ST: token-attr("CN")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value: "testbus1".
[04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "testbus1".
[04/15/19 14:19:10.222]:InternalAD ST:
DirXML Log Event -------------------
Driver: \BBCIDV\system\driverset1\AD-Internal-BBC
Channel: Subscriber
Status: Error
Message: Code(-9195) Error in vnd.nds.stream://BBCIDV/system/driverset1/AD-Internal-BBC/Subscriber/Allow+or+veto+role+add+events#XmlData:340 : Couldn't send email: java.lang.NullPointerException
[04/15/19 14:19:10.238]:InternalAD ST: Direct command from policy
[04/15/19 14:19:10.238]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="Group" dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
<add-attr attr-name="samAccountName">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="Description">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="extensionAttribute8">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="extensionAttribute9">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:10.238]:InternalAD ST: Fixing up association references.
[04/15/19 14:19:10.238]:InternalAD ST: Applying schema mapping policies to output.
[04/15/19 14:19:10.238]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-smp%-C.
[04/15/19 14:19:10.238]:InternalAD ST: Mapping attr-name 'Description' to 'description'.
[04/15/19 14:19:10.238]:InternalAD ST: Mapping attr-name 'extensionAttribute8' to 'BBCPIMContract'.
[04/15/19 14:19:10.238]:InternalAD ST: Mapping attr-name 'extensionAttribute9' to 'BBCPIMBusinessService'.
[04/15/19 14:19:10.238]:InternalAD ST: Mapping class-name 'Group' to 'group'.
[04/15/19 14:19:10.238]:InternalAD ST: Applying output transformation policies.
[04/15/19 14:19:10.238]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-otp-FormatConversions%-C.
[04/15/19 14:19:10.238]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:10.238]:InternalAD ST: Evaluating selection criteria for rule 'accountExpires:Convert to Active Directory form - Updated'.
[04/15/19 14:19:10.238]:InternalAD ST: (if-op-attr 'accountExpires' not-equal "0") = TRUE.
[04/15/19 14:19:10.238]:InternalAD ST: Rule selected.
[04/15/19 14:19:10.238]:InternalAD ST: Applying rule 'accountExpires:Convert to Active Directory form - Updated'.
[04/15/19 14:19:10.238]:InternalAD ST: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateEpoch2FileTime($current-value+86400)")).
[04/15/19 14:19:10.254]:InternalAD ST: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
[04/15/19 14:19:10.254]:InternalAD ST: Rule selected.
[04/15/19 14:19:10.254]:InternalAD ST: Applying rule 'lockoutTime: Convert to Active Directory form'.
[04/15/19 14:19:10.254]:InternalAD ST: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
[04/15/19 14:19:10.254]:InternalAD ST: Evaluating selection criteria for rule 'update Active Directory logon name'.
[04/15/19 14:19:10.254]:InternalAD ST: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
[04/15/19 14:19:10.254]:InternalAD ST: Rule rejected.
[04/15/19 14:19:10.254]:InternalAD ST: Policy returned:
[04/15/19 14:19:10.254]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
<add-attr attr-name="samAccountName">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMContract">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:10.254]:InternalAD ST: Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[04/15/19 14:19:10.254]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:10.254]:InternalAD ST: Policy returned:
[04/15/19 14:19:10.254]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
<add-attr attr-name="samAccountName">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMContract">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:10.254]:InternalAD ST: Applying policy: %+C%14CNOVLATRKBASE-otp-Subscribe%-C.
[04/15/19 14:19:10.269]:InternalAD ST: Applying to add #1.
[04/15/19 14:19:10.269]:InternalAD ST: Policy returned:
[04/15/19 14:19:10.269]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
<add-attr attr-name="samAccountName">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMContract">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:10.269]:InternalAD ST: Submitting document to subscriber shim:
[04/15/19 14:19:10.269]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
<add-attr attr-name="samAccountName">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMContract">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver: Sending...
[04/15/19 14:19:10.269]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
<add-attr attr-name="samAccountName">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMContract">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
<add-attr attr-name="BBCPIMBusinessService">
<value type="string">en~testbus1|da~testbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver: Document sent.
[04/15/19 14:19:11.368]:InternalAD :Remote Interface Driver: Received.
[04/15/19 14:19:11.368]:InternalAD :
<nds dtdversion="2.0">
<source>
<product build="201409041500" version="4.5"/>
<contact/>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" level="success">Add event succeeded</status>
</output>
</nds>
[04/15/19 14:19:11.369]:InternalAD :Remote Interface Driver: Received document for subscriber channel
[04/15/19 14:19:11.369]:InternalAD :Remote Interface Driver: Waiting for receive...
[04/15/19 14:19:11.370]:InternalAD ST: SubscriptionShim.execute() returned:
[04/15/19 14:19:11.370]:InternalAD ST:
<nds dtdversion="2.0">
<source>
<product build="201409041500" version="4.5"/>
<contact/>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" level="success">Add event succeeded</status>
</output>
</nds>
[04/15/19 14:19:11.371]:InternalAD ST: Applying input transformation policies.
[04/15/19 14:19:11.371]:InternalAD ST: Applying policy: %+C%14CNOVLATRKBASE-itp-Publish%-C.
[04/15/19 14:19:11.372]:InternalAD ST: Applying to status #1.
[04/15/19 14:19:11.372]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
[04/15/19 14:19:11.373]:InternalAD ST: Rule selected.
[04/15/19 14:19:11.373]:InternalAD ST: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
[04/15/19 14:19:11.373]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.373]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.374]:InternalAD ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
[04/15/19 14:19:11.374]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.374]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.375]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.375]:InternalAD ST: (if-class-name available) = FALSE.
[04/15/19 14:19:11.375]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.376]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
[04/15/19 14:19:11.376]:InternalAD ST: (if-operation equal "add-association") = FALSE.
[04/15/19 14:19:11.377]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.377]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
[04/15/19 14:19:11.377]:InternalAD ST: (if-operation match "modify|delete|move|rename") = FALSE.
[04/15/19 14:19:11.378]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.378]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
[04/15/19 14:19:11.378]:InternalAD ST: (if-operation match "add|modify|delete|rename|move|status") = TRUE.
[04/15/19 14:19:11.379]:InternalAD ST: Rule selected.
[04/15/19 14:19:11.379]:InternalAD ST: Applying rule 'AccountTracking - add interested properties to current doc for future use.'.
[04/15/19 14:19:11.380]:InternalAD ST: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.identifiers"))).
[04/15/19 14:19:11.380]:InternalAD ST: arg-node-set(token-global-variable("drv.acctTrk.identifiers"))
[04/15/19 14:19:11.380]:InternalAD ST: token-global-variable("drv.acctTrk.identifiers")
[04/15/19 14:19:11.381]:InternalAD ST: Token Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
[04/15/19 14:19:11.381]:InternalAD ST: Arg Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
[04/15/19 14:19:11.382]:InternalAD ST: Performing actions for local-variable(current-node) = "sAMAccountName".
[04/15/19 14:19:11.382]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.382]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.383]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
[04/15/19 14:19:11.383]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.384]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.384]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.384]:InternalAD ST: (if-local-variable 'current-node' equal "association") = FALSE.
[04/15/19 14:19:11.385]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.385]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.385]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.385]:InternalAD ST: Expanded variable reference '$current-node$' to 'sAMAccountName'.
[04/15/19 14:19:11.386]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/15/19 14:19:11.386]:InternalAD ST: Expanded variable reference '$current-node$' to 'sAMAccountName'.
[04/15/19 14:19:11.387]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/15/19 14:19:11.387]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.388]:InternalAD ST: Performing actions for local-variable(current-node) = "userPrincipalName".
[04/15/19 14:19:11.388]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.388]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.388]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
[04/15/19 14:19:11.389]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.389]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.389]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.390]:InternalAD ST: (if-local-variable 'current-node' equal "association") = FALSE.
[04/15/19 14:19:11.390]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.390]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.391]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.391]:InternalAD ST: Expanded variable reference '$current-node$' to 'userPrincipalName'.
[04/15/19 14:19:11.391]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/15/19 14:19:11.392]:InternalAD ST: Expanded variable reference '$current-node$' to 'userPrincipalName'.
[04/15/19 14:19:11.392]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/15/19 14:19:11.393]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.393]:InternalAD ST: Performing actions for local-variable(current-node) = "LDAPDN".
[04/15/19 14:19:11.394]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.394]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.394]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = TRUE.
[04/15/19 14:19:11.394]:InternalAD ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
[04/15/19 14:19:11.395]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/15/19 14:19:11.395]:InternalAD ST: (if-src-dn available) = FALSE.
[04/15/19 14:19:11.396]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.396]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.396]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.396]:InternalAD ST: (if-local-variable 'current-node' equal "association") = FALSE.
[04/15/19 14:19:11.397]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.397]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.397]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.398]:InternalAD ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
[04/15/19 14:19:11.398]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/15/19 14:19:11.399]:InternalAD ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
[04/15/19 14:19:11.399]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/15/19 14:19:11.400]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.400]:InternalAD ST: Performing actions for local-variable(current-node) = "association".
[04/15/19 14:19:11.400]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.400]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.401]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
[04/15/19 14:19:11.401]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.401]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.402]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.402]:InternalAD ST: (if-local-variable 'current-node' equal "association") = TRUE.
[04/15/19 14:19:11.402]:InternalAD ST: Expanded variable reference '$current-node$' to 'association'.
[04/15/19 14:19:11.403]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/15/19 14:19:11.403]:InternalAD ST: (if-association available) = FALSE.
[04/15/19 14:19:11.404]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.404]:InternalAD ST: Action: do-if().
[04/15/19 14:19:11.404]:InternalAD ST: Evaluating conditions.
[04/15/19 14:19:11.405]:InternalAD ST: Expanded variable reference '$current-node$' to 'association'.
[04/15/19 14:19:11.405]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/15/19 14:19:11.405]:InternalAD ST: Expanded variable reference '$current-node$' to 'association'.
[04/15/19 14:19:11.406]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/15/19 14:19:11.406]:InternalAD ST: Performing else actions.
[04/15/19 14:19:11.407]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
[04/15/19 14:19:11.407]:InternalAD ST: (if-operation match "add|modify|delete|rename|move") = FALSE.
[04/15/19 14:19:11.408]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.408]:InternalAD ST: Policy returned:
[04/15/19 14:19:11.408]:InternalAD ST:
<nds dtdversion="2.0">
<source>
<product build="201409041500" version="4.5"/>
<contact/>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" level="success">Add event succeeded</status>
</output>
</nds>
[04/15/19 14:19:11.409]:InternalAD ST: Applying policy: %+C%14CNOVLATRKBASE-itp-WriteAccounts%-C.
[04/15/19 14:19:11.409]:InternalAD ST: Applying to status #1.
[04/15/19 14:19:11.410]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - Initialize Realm Mapping'.
[04/15/19 14:19:11.410]:InternalAD ST: (if-global-variable 'drv.acctTrk.enable' equal "true") = TRUE.
[04/15/19 14:19:11.411]:InternalAD ST: (if-global-variable 'drv.acctTrk.mode' equal "fanout") = FALSE.
[04/15/19 14:19:11.411]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.411]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
[04/15/19 14:19:11.412]:InternalAD ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
[04/15/19 14:19:11.412]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.412]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
[04/15/19 14:19:11.413]:InternalAD ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
[04/15/19 14:19:11.413]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.413]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on regular delete operation'.
[04/15/19 14:19:11.414]:InternalAD ST: (if-operation match "delete|remove-association") = FALSE.
[04/15/19 14:19:11.414]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/15/19 14:19:11.415]:InternalAD ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
[04/15/19 14:19:11.415]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.415]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on regular operations'.
[04/15/19 14:19:11.416]:InternalAD ST: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
[04/15/19 14:19:11.416]:InternalAD ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
[04/15/19 14:19:11.417]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/15/19 14:19:11.417]:InternalAD ST: (if-xpath true "./@level='success' or ./@level='warning'") = TRUE.
[04/15/19 14:19:11.417]:InternalAD ST: (if-op-property 'AccountTracking-Operation' available) = FALSE.
[04/15/19 14:19:11.418]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.418]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on mapped operations'.
[04/15/19 14:19:11.419]:InternalAD ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
[04/15/19 14:19:11.419]:InternalAD ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
[04/15/19 14:19:11.419]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.420]:InternalAD ST: Policy returned:
[04/15/19 14:19:11.420]:InternalAD ST:
<nds dtdversion="2.0">
<source>
<product build="201409041500" version="4.5"/>
<contact/>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" level="success">Add event succeeded</status>
</output>
</nds>
[04/15/19 14:19:11.421]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-itp-SubscriberUserAdd%-C.
[04/15/19 14:19:11.421]:InternalAD ST: Applying to status #1.
[04/15/19 14:19:11.422]:InternalAD ST: Evaluating selection criteria for rule 'display operation'.
[04/15/19 14:19:11.422]:InternalAD ST: Rule selected.
[04/15/19 14:19:11.422]:InternalAD ST: Applying rule 'display operation'.
[04/15/19 14:19:11.423]:InternalAD ST: Action: do-trace-message(token-operation()).
[04/15/19 14:19:11.423]:InternalAD ST: arg-string(token-operation())
[04/15/19 14:19:11.423]:InternalAD ST: token-operation()
[04/15/19 14:19:11.423]:InternalAD ST: Token Value: "status".
[04/15/19 14:19:11.424]:InternalAD ST: Arg Value: "status".
[04/15/19 14:19:11.424]:InternalAD ST:status
[04/15/19 14:19:11.424]:InternalAD ST: Evaluating selection criteria for rule 'Populate DirXML-ADContext on initial user add'.
[04/15/19 14:19:11.425]:InternalAD ST: (if-operation equal "add-association") = FALSE.
[04/15/19 14:19:11.425]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/15/19 14:19:11.425]:InternalAD ST: (if-association associated) = FALSE.
[04/15/19 14:19:11.426]:InternalAD ST: Rule rejected.
[04/15/19 14:19:11.426]:InternalAD ST: Policy returned:
[04/15/19 14:19:11.426]:InternalAD ST:
<nds dtdversion="2.0">
<source>
<product build="201409041500" version="4.5"/>
<contact/>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0" level="success">Add event succeeded</status>
</output>
</nds>
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

On 4/15/2019 9:34 AM, sivaramtm wrote:
>
> Hi,
>
> Log with trace level 10.


So when you add an nrfRole, you event on that, and add an
extensionAttribute8 attr to a group in the variable lvPIMADGrp

[04/15/19 14:19:10.191]:InternalAD ST: Action:
do-add-dest-attr-value("extensionAttribute8",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMContract")).
[04/15/19 14:19:10.191]:InternalAD ST:
arg-dn(token-local-variable("lvPIMADGrp"))
[04/15/19 14:19:10.207]:InternalAD ST:
token-local-variable("lvPIMADGrp")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value:
"CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
[04/15/19 14:19:10.207]:InternalAD ST:
arg-string(token-op-attr("BBCPIMContract"))
[04/15/19 14:19:10.207]:InternalAD ST:
token-op-attr("BBCPIMContract")
[04/15/19 14:19:10.207]:InternalAD ST: Token Value:
"en~testbus1|da~testbus1".

So you have the DN of a group in LDAP format, and the value as a string.

And you thrown an NPE:

DirXML Log Event -------------------
Driver: \BBCIDV\system\driverset1\AD-Internal-BBC
Channel: Subscriber
Status: Error
Message: Code(-9195) Error in
vnd.nds.stream://BBCIDV/system/driverset1/AD-Internal-BBC/Subscriber/Allow+or+veto+role+add+events#XmlData:340

I would guess that you need to ParseDN that DN value from LDAP to slash
format.


> [04/15/19 14:19:09.566]:InternalAD ST:type(add-entry)entry-id(554745)
> dn(\T=BBCIDV\O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1)
> class-id(2318) class-name(nrfRole)
> [04/15/19 14:19:09.566]:InternalAD
> ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=BBCPIMContract,
> string=en~testbus1|da~testbus1
> [04/15/19 14:19:09.566]:InternalAD
> ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=CN,
> string=testbus1
> [04/15/19 14:19:09.566]:InternalAD
> ST:type(add-value)Syntax=SYNTAX_CI_STRING,
> attributeName=nrfLocalizedDescrs, string=en~testbus1|da~testbus1
> [04/15/19 14:19:09.566]:InternalAD
> ST:type(add-value)Syntax=SYNTAX_CI_STRING,
> attributeName=BBCPIMBusinessService, string=en~testbus1|da~testbus1
> [04/15/19 14:19:09.566]:InternalAD
> ST:type(add-value)Syntax=SYNTAX_CI_STRING,
> attributeName=nrfLocalizedNames, string=en~testbus1|da~testbus1
> [04/15/19 14:19:09.566]:InternalAD ST:Processing events for
> transaction.
> [04/15/19 14:19:09.566]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add cached-time="20190415121909.534Z" class-name="nrfRole"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745" timestamp="1555330749#16">
> <add-attr attr-name="BBCPIMContract">
> <value timestamp="1555330749#5"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="CN">
> <value timestamp="1555330749#16" type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedDescrs">
> <value timestamp="1555330749#3"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value timestamp="1555330749#9"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedNames">
> <value timestamp="1555330749#4"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:09.597]:InternalAD ST:Applying event transformation
> policies.
> [04/15/19 14:19:09.597]:InternalAD ST:Applying policy: %+C%14CRemove
> Role and resource%-C.
> [04/15/19 14:19:09.597]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:09.597]:InternalAD ST: Evaluating selection criteria
> for rule 'Veto add event for ShareDrive'.
> [04/15/19 14:19:09.613]:InternalAD ST: (if-class-name equal
> "BBCADShareDrive") = FALSE.
> [04/15/19 14:19:09.613]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.613]:InternalAD ST: Evaluating selection criteria
> for rule 'Veto Modify event for ShareDrive'.
> [04/15/19 14:19:09.613]:InternalAD ST: (if-class-name equal
> "BBCADShareDrive") = FALSE.
> [04/15/19 14:19:09.613]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.613]:InternalAD ST: Evaluating selection criteria
> for rule 'Remove ADGroup Resource Role for Share drive'.
> [04/15/19 14:19:09.629]:InternalAD ST: (if-class-name equal
> "BBCADShareDrive") = FALSE.
> [04/15/19 14:19:09.629]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.629]:InternalAD ST:Policy returned:
> [04/15/19 14:19:09.629]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add cached-time="20190415121909.534Z" class-name="nrfRole"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745" timestamp="1555330749#16">
> <add-attr attr-name="BBCPIMContract">
> <value timestamp="1555330749#5"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="CN">
> <value timestamp="1555330749#16" type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedDescrs">
> <value timestamp="1555330749#3"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value timestamp="1555330749#9"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedNames">
> <value timestamp="1555330749#4"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:09.676]:InternalAD ST:Applying policy:
> %+C%14CDelete_Event%-C.
> [04/15/19 14:19:09.676]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:09.691]:InternalAD ST: Evaluating selection criteria
> for rule 'veto Delete Event Subscriber'.
> [04/15/19 14:19:09.691]:InternalAD ST: (if-operation equal
> "delete") = FALSE.
> [04/15/19 14:19:09.691]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.691]:InternalAD ST: Evaluating selection criteria
> for rule 'Delete_Group_in_IDM'.
> [04/15/19 14:19:09.691]:InternalAD ST: (if-class-name equal
> "nrfRole") = TRUE.
> [04/15/19 14:19:09.707]:InternalAD ST: (if-operation equal
> "delete") = FALSE.
> [04/15/19 14:19:09.707]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.707]:InternalAD ST:Policy returned:
> [04/15/19 14:19:09.707]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add cached-time="20190415121909.534Z" class-name="nrfRole"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745" timestamp="1555330749#16">
> <add-attr attr-name="BBCPIMContract">
> <value timestamp="1555330749#5"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="CN">
> <value timestamp="1555330749#16" type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedDescrs">
> <value timestamp="1555330749#3"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value timestamp="1555330749#9"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedNames">
> <value timestamp="1555330749#4"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:09.738]:InternalAD ST:Applying policy: %+C%14CUnlock AD
> Account%-C.
> [04/15/19 14:19:09.738]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:09.738]:InternalAD ST: Evaluating selection criteria
> for rule 'Unlock AD user accounts if BBCadunlock is set to true'.
> [04/15/19 14:19:09.738]:InternalAD ST: (if-operation equal
> "modify") = FALSE.
> [04/15/19 14:19:09.738]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.738]:InternalAD ST:Policy returned:
> [04/15/19 14:19:09.738]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add cached-time="20190415121909.534Z" class-name="nrfRole"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745" timestamp="1555330749#16">
> <add-attr attr-name="BBCPIMContract">
> <value timestamp="1555330749#5"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="CN">
> <value timestamp="1555330749#16" type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedDescrs">
> <value timestamp="1555330749#3"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value timestamp="1555330749#9"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedNames">
> <value timestamp="1555330749#4"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:09.801]:InternalAD ST:Applying policy: %+C%14CVeto
> modify event for deleted users if modified in IDM%-C.
> [04/15/19 14:19:09.801]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:09.801]:InternalAD ST: Evaluating selection criteria
> for rule 'Veto modify event for deleted users if modified in IDM'.
> [04/15/19 14:19:09.801]:InternalAD ST: (if-class-name equal "User")
> = FALSE.
> [04/15/19 14:19:09.801]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.801]:InternalAD ST:Policy returned:
> [04/15/19 14:19:09.801]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add cached-time="20190415121909.534Z" class-name="nrfRole"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745" timestamp="1555330749#16">
> <add-attr attr-name="BBCPIMContract">
> <value timestamp="1555330749#5"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="CN">
> <value timestamp="1555330749#16" type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedDescrs">
> <value timestamp="1555330749#3"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value timestamp="1555330749#9"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedNames">
> <value timestamp="1555330749#4"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:09.847]:InternalAD ST:Applying policy: %+C%14CDelete
> user in AD if disabled for long time%-C.
> [04/15/19 14:19:09.863]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:09.863]:InternalAD ST: Evaluating selection criteria
> for rule 'Delete user in AD if disabled for long time - Flag set by
> workflow'.
> [04/15/19 14:19:09.863]:InternalAD ST: (if-operation equal
> "modify") = FALSE.
> [04/15/19 14:19:09.863]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.863]:InternalAD ST: Evaluating selection criteria
> for rule 'delete leaf objects of a user container'.
> [04/15/19 14:19:09.863]:InternalAD ST: (if-operation equal
> "modify") = FALSE.
> [04/15/19 14:19:09.879]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.879]:InternalAD ST: Evaluating selection criteria
> for rule 'delete leaf objects of a user container - modified'.
> [04/15/19 14:19:09.879]:InternalAD ST: (if-operation equal
> "modify") = FALSE.
> [04/15/19 14:19:09.879]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.879]:InternalAD ST: Evaluating selection criteria
> for rule 'delete leaf objects of a user container-2'.
> [04/15/19 14:19:09.879]:InternalAD ST: (if-class-name equal "User")
> = FALSE.
> [04/15/19 14:19:09.894]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.894]:InternalAD ST: Evaluating selection criteria
> for rule 'Child Object Test'.
> [04/15/19 14:19:09.894]:InternalAD ST: (if-operation equal
> "modify") = FALSE.
> [04/15/19 14:19:09.894]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.894]:InternalAD ST:Policy returned:
> [04/15/19 14:19:09.894]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add cached-time="20190415121909.534Z" class-name="nrfRole"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745" timestamp="1555330749#16">
> <add-attr attr-name="BBCPIMContract">
> <value timestamp="1555330749#5"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="CN">
> <value timestamp="1555330749#16" type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedDescrs">
> <value timestamp="1555330749#3"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value timestamp="1555330749#9"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="nrfLocalizedNames">
> <value timestamp="1555330749#4"
> type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:09.910]:InternalAD ST:Applying policy: %+C%14CAllow or
> veto role add events%-C.
> [04/15/19 14:19:09.910]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:09.910]:InternalAD ST: Evaluating selection criteria
> for rule 'Veto if not a AD Role add event'.
> [04/15/19 14:19:09.926]:InternalAD ST: (if-class-name equal
> "nrfRole") = TRUE.
> [04/15/19 14:19:09.926]:InternalAD ST: (if-operation equal "add") =
> TRUE.
> [04/15/19 14:19:09.926]:InternalAD ST: (if-src-dn not-in-container
> "system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level20\ADRoles")
> = TRUE.
> [04/15/19 14:19:09.926]:InternalAD ST: (if-src-dn not-in-subtree
> "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM")
> = FALSE.
> [04/15/19 14:19:09.941]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.941]:InternalAD ST: Evaluating selection criteria
> for rule 'Create group if ADD role is created in IDM'.
> [04/15/19 14:19:09.941]:InternalAD ST: (if-class-name equal
> "nrfRole") = TRUE.
> [04/15/19 14:19:09.941]:InternalAD ST: (if-src-dn in-container
> "system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level20\ADRoles")
> = FALSE.
> [04/15/19 14:19:09.957]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:09.957]:InternalAD ST: Evaluating selection criteria
> for rule 'Create PIM Group if ADD role is created in IDM'.
> [04/15/19 14:19:09.957]:InternalAD ST: (if-class-name equal
> "nrfRole") = TRUE.
> [04/15/19 14:19:09.957]:InternalAD ST: (if-src-dn in-subtree
> "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM")
> = TRUE.
> [04/15/19 14:19:09.972]:InternalAD ST: Rule selected.
> [04/15/19 14:19:09.972]:InternalAD ST: Applying rule 'Create PIM
> Group if ADD role is created in IDM'.
> [04/15/19 14:19:09.972]:InternalAD ST: Action:
> do-set-local-variable("lv_Pim_sbcnt",scope="policy",token-substring(start="83",token-src-dn())).
> [04/15/19 14:19:09.972]:InternalAD ST:
> arg-string(token-substring(start="83",token-src-dn()))
> [04/15/19 14:19:09.972]:InternalAD ST:
> token-substring(start="83",token-src-dn())
> [04/15/19 14:19:09.988]:InternalAD ST:
> token-substring(start="83",token-src-dn())
> [04/15/19 14:19:09.988]:InternalAD ST: token-src-dn()
> [04/15/19 14:19:09.988]:InternalAD ST: Token Value:
> "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1".
> [04/15/19 14:19:09.988]:InternalAD ST: Arg Value:
> "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1".
> [04/15/19 14:19:10.004]:InternalAD ST: Token Value:
> "\Prod\Onsite-Access\testbus1".
> [04/15/19 14:19:10.004]:InternalAD ST: Arg Value:
> "\Prod\Onsite-Access\testbus1".
> [04/15/19 14:19:10.004]:InternalAD ST: Action:
> do-set-local-variable("lv_Pim_ADcnt",scope="policy",token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))).
> [04/15/19 14:19:10.004]:InternalAD ST:
> arg-string(token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt")))
> [04/15/19 14:19:10.004]:InternalAD ST:
> token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))
> [04/15/19 14:19:10.004]:InternalAD ST:
> token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))
> [04/15/19 14:19:10.004]:InternalAD ST:
> token-local-variable("lv_Pim_sbcnt")
> [04/15/19 14:19:10.004]:InternalAD ST: Token Value:
> "\Prod\Onsite-Access\testbus1".
> [04/15/19 14:19:10.019]:InternalAD ST: Arg Value:
> "\Prod\Onsite-Access\testbus1".
> [04/15/19 14:19:10.019]:InternalAD ST: Token Value:
> "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
> [04/15/19 14:19:10.019]:InternalAD ST: Arg Value:
> "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
> [04/15/19 14:19:10.019]:InternalAD ST: Action:
> do-set-local-variable("lv_Pim_ADcntfinal",scope="policy",arg-node-set(token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt")))).
> [04/15/19 14:19:10.019]:InternalAD ST:
> arg-node-set(token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt")))
> [04/15/19 14:19:10.019]:InternalAD ST:
> token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt"))
> [04/15/19 14:19:10.019]:InternalAD ST:
> token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt"))
> [04/15/19 14:19:10.019]:InternalAD ST:
> token-local-variable("lv_Pim_ADcnt")
> [04/15/19 14:19:10.019]:InternalAD ST: Token Value:
> "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
> [04/15/19 14:19:10.019]:InternalAD ST: Arg Value:
> "%,OU=Prod%,OU=Onsite-Access%,OU=testbus1".
> [04/15/19 14:19:10.019]:InternalAD ST: Token Value:
> {"",",OU=Prod",",OU=Onsite-Access",",OU=testbus1"}.
> [04/15/19 14:19:10.035]:InternalAD ST: Arg Value:
> {"",",OU=Prod",",OU=Onsite-Access",",OU=testbus1"}.
> [04/15/19 14:19:10.035]:InternalAD ST: Action:
> do-set-local-variable("lv_Pim_ADenvcnt",scope="policy",token-xpath("string($lv_Pim_ADcntfinal[2])")).
> [04/15/19 14:19:10.035]:InternalAD ST:
> arg-string(token-xpath("string($lv_Pim_ADcntfinal[2])"))
> [04/15/19 14:19:10.035]:InternalAD ST:
> token-xpath("string($lv_Pim_ADcntfinal[2])")
> [04/15/19 14:19:10.035]:InternalAD ST: Token Value:
> ",OU=Prod".
> [04/15/19 14:19:10.035]:InternalAD ST: Arg Value: ",OU=Prod".
> [04/15/19 14:19:10.035]:InternalAD ST: Action:
> do-set-local-variable("lv_Pim_ADOFON",scope="policy",token-xpath("string($lv_Pim_ADcntfinal[3])")).
> [04/15/19 14:19:10.053]:InternalAD ST:
> arg-string(token-xpath("string($lv_Pim_ADcntfinal[3])"))
> [04/15/19 14:19:10.053]:InternalAD ST:
> token-xpath("string($lv_Pim_ADcntfinal[3])")
> [04/15/19 14:19:10.053]:InternalAD ST: Token Value:
> ",OU=Onsite-Access".
> [04/15/19 14:19:10.066]:InternalAD ST: Arg Value:
> ",OU=Onsite-Access".
> [04/15/19 14:19:10.066]:InternalAD ST: Action:
> do-set-local-variable("lvPIMADGrp",scope="policy","CN="+token-src-attr("CN")+token-local-variable("lv_Pim_ADOFON")+token-local-variable("lv_Pim_ADenvcnt")+",OU=PIM,DC=idmdev,DC=BBC,DC=dk").
> [04/15/19 14:19:10.082]:InternalAD ST:
> arg-string("CN="+token-src-attr("CN")+token-local-variable("lv_Pim_ADOFON")+token-local-variable("lv_Pim_ADenvcnt")+",OU=PIM,DC=idmdev,DC=BBC,DC=dk")
> [04/15/19 14:19:10.082]:InternalAD ST: token-text("CN=")
> [04/15/19 14:19:10.082]:InternalAD ST: token-src-attr("CN")
> [04/15/19 14:19:10.097]:InternalAD ST: Query from policy
> [04/15/19 14:19:10.097]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <query class-name="nrfRole"
> dest-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> dest-entry-id="554745" scope="entry">
> <read-attr attr-name="CN"/>
> </query>
> </input>
> </nds>
> [04/15/19 14:19:10.113]:InternalAD ST: Pumping XDS to
> eDirectory.
> [04/15/19 14:19:10.113]:InternalAD ST: Performing operation
> query for
> \BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1.
> [04/15/19 14:19:10.113]:InternalAD ST: --JCLNT--
> \BBCIDV\system\driverset1\AD-Internal-BBC : Duplicating : context =
> 660668580, tempContext = 660668612
> [04/15/19 14:19:10.129]:InternalAD ST: --JCLNT--
> \BBCIDV\system\driverset1\AD-Internal-BBC : Calling free on tempContext
> = 660668612
> [04/15/19 14:19:10.129]:InternalAD ST: Query from policy
> result
> [04/15/19 14:19:10.129]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <instance class-name="nrfRole"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745">
> <attr attr-name="CN">
> <value naming="true" timestamp="1555330749#16"
> type="string">testbus1</value>
> </attr>
> </instance>
> <status level="success"></status>
> </output>
> </nds>
> [04/15/19 14:19:10.129]:InternalAD ST: Token Value:
> "testbus1".
> [04/15/19 14:19:10.129]:InternalAD ST:
> token-local-variable("lv_Pim_ADOFON")
> [04/15/19 14:19:10.129]:InternalAD ST: Token Value:
> ",OU=Onsite-Access".
> [04/15/19 14:19:10.129]:InternalAD ST:
> token-local-variable("lv_Pim_ADenvcnt")
> [04/15/19 14:19:10.129]:InternalAD ST: Token Value:
> ",OU=Prod".
> [04/15/19 14:19:10.129]:InternalAD ST:
> token-text(",OU=PIM,DC=idmdev,DC=BBC,DC=dk")
> [04/15/19 14:19:10.129]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.129]:InternalAD ST: Action:
> do-add-dest-object(class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp"))).
> [04/15/19 14:19:10.129]:InternalAD ST:
> arg-dn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.129]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.129]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.144]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.144]:InternalAD ST: Action:
> do-add-dest-attr-value("samAccountName",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-src-attr("CN")).
> [04/15/19 14:19:10.144]:InternalAD ST:
> arg-dn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.144]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.144]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.144]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.144]:InternalAD ST:
> arg-string(token-src-attr("CN"))
> [04/15/19 14:19:10.144]:InternalAD ST: token-src-attr("CN")
> [04/15/19 14:19:10.144]:InternalAD ST: Token Value:
> "testbus1".
> [04/15/19 14:19:10.144]:InternalAD ST: Arg Value: "testbus1".
> [04/15/19 14:19:10.144]:InternalAD ST: Action:
> do-set-local-variable("LVRDECS",scope="policy",token-src-attr("nrfLocalizedDescrs")).
> [04/15/19 14:19:10.144]:InternalAD ST:
> arg-string(token-src-attr("nrfLocalizedDescrs"))
> [04/15/19 14:19:10.144]:InternalAD ST:
> token-src-attr("nrfLocalizedDescrs")
> [04/15/19 14:19:10.144]:InternalAD ST: Query from policy
> [04/15/19 14:19:10.144]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <query class-name="nrfRole"
> dest-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> dest-entry-id="554745" scope="entry">
> <read-attr attr-name="nrfLocalizedDescrs"/>
> </query>
> </input>
> </nds>
> [04/15/19 14:19:10.160]:InternalAD ST: Pumping XDS to
> eDirectory.
> [04/15/19 14:19:10.160]:InternalAD ST: Performing operation
> query for
> \BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1.
> [04/15/19 14:19:10.160]:InternalAD ST: --JCLNT--
> \BBCIDV\system\driverset1\AD-Internal-BBC : Duplicating : context =
> 660668580, tempContext = 660668564
> [04/15/19 14:19:10.160]:InternalAD ST: --JCLNT--
> \BBCIDV\system\driverset1\AD-Internal-BBC : Calling free on tempContext
> = 660668564
> [04/15/19 14:19:10.160]:InternalAD ST: Query from policy
> result
> [04/15/19 14:19:10.160]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <output>
> <instance class-name="nrfRole"
> qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=testbus1"
> src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\testbus1"
> src-entry-id="554745">
> <attr attr-name="nrfLocalizedDescrs">
> <value timestamp="1555330749#3"
> type="string">en~testbus1|da~testbus1</value>
> </attr>
> </instance>
> <status level="success"></status>
> </output>
> </nds>
> [04/15/19 14:19:10.160]:InternalAD ST: Token Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.160]:InternalAD ST: Arg Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.176]:InternalAD ST: Action:
> do-set-local-variable("LVRDECSNew",scope="policy",token-xpath("substring-before(string($LVRDECS),'|')")).
> [04/15/19 14:19:10.176]:InternalAD ST:
> arg-string(token-xpath("substring-before(string($LVRDECS),'|')"))
> [04/15/19 14:19:10.176]:InternalAD ST:
> token-xpath("substring-before(string($LVRDECS),'|')")
> [04/15/19 14:19:10.176]:InternalAD ST: Token Value:
> "en~testbus1".
> [04/15/19 14:19:10.176]:InternalAD ST: Arg Value:
> "en~testbus1".
> [04/15/19 14:19:10.176]:InternalAD ST: Action:
> do-set-local-variable("lv_grpdesc",scope="policy",token-substring(start="3",token-local-variable("LVRDECSNew"))).
> [04/15/19 14:19:10.176]:InternalAD ST:
> arg-string(token-substring(start="3",token-local-variable("LVRDECSNew")))
> [04/15/19 14:19:10.176]:InternalAD ST:
> token-substring(start="3",token-local-variable("LVRDECSNew"))
> [04/15/19 14:19:10.176]:InternalAD ST:
> token-substring(start="3",token-local-variable("LVRDECSNew"))
> [04/15/19 14:19:10.176]:InternalAD ST:
> token-local-variable("LVRDECSNew")
> [04/15/19 14:19:10.176]:InternalAD ST: Token Value:
> "en~testbus1".
> [04/15/19 14:19:10.176]:InternalAD ST: Arg Value:
> "en~testbus1".
> [04/15/19 14:19:10.191]:InternalAD ST: Token Value:
> "testbus1".
> [04/15/19 14:19:10.191]:InternalAD ST: Arg Value: "testbus1".
> [04/15/19 14:19:10.191]:InternalAD ST: Action:
> do-add-dest-attr-value("Description",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-local-variable("lv_grpdesc")).
> [04/15/19 14:19:10.191]:InternalAD ST:
> arg-dn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.191]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.191]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.191]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.191]:InternalAD ST:
> arg-string(token-local-variable("lv_grpdesc"))
> [04/15/19 14:19:10.191]:InternalAD ST:
> token-local-variable("lv_grpdesc")
> [04/15/19 14:19:10.191]:InternalAD ST: Token Value:
> "testbus1".
> [04/15/19 14:19:10.191]:InternalAD ST: Arg Value: "testbus1".
> [04/15/19 14:19:10.191]:InternalAD ST: Action:
> do-add-dest-attr-value("extensionAttribute8",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMContract")).
> [04/15/19 14:19:10.191]:InternalAD ST:
> arg-dn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> arg-string(token-op-attr("BBCPIMContract"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-op-attr("BBCPIMContract")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Action:
> do-add-dest-attr-value("extensionAttribute9",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMBusinessService")).
> [04/15/19 14:19:10.207]:InternalAD ST:
> arg-dn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> arg-string(token-op-attr("BBCPIMBusinessService"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-op-attr("BBCPIMBusinessService")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Action:
> do-send-email-from-template(notification-dn="Security\Default
> Notification Collection",template-dn="Security\Default Notification
> Collection\test-mail-PIM-AD-Group-Creation","zrm@BBC.dk",token-local-variable("lvPIMADGrp"),token-attr("CN")).
> [04/15/19 14:19:10.207]:InternalAD ST: cc("zrm@BBC.dk")
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-text("zrm@BBC.dk")
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "zrm@BBC.dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> sourcedn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> groupname(token-attr("CN"))
> [04/15/19 14:19:10.207]:InternalAD ST: token-attr("CN")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "testbus1".
> [04/15/19 14:19:10.222]:InternalAD ST:
> DirXML Log Event -------------------
> Driver: \BBCIDV\system\driverset1\AD-Internal-BBC
> Channel: Subscriber
> Status: Error
> Message: Code(-9195) Error in
> vnd.nds.stream://BBCIDV/system/driverset1/AD-Internal-BBC/Subscriber/Allow+or+veto+role+add+events#XmlData:340
> : Couldn't send email: java.lang.NullPointerException
> [04/15/19 14:19:10.238]:InternalAD ST: Direct command from policy
> [04/15/19 14:19:10.238]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="Group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="Description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="extensionAttribute8">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="extensionAttribute9">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:10.238]:InternalAD ST: Fixing up association
> references.
> [04/15/19 14:19:10.238]:InternalAD ST: Applying schema mapping policies
> to output.
> [04/15/19 14:19:10.238]:InternalAD ST: Applying policy:
> %+C%14CNOVLADDCFG-smp%-C.
> [04/15/19 14:19:10.238]:InternalAD ST: Mapping attr-name
> 'Description' to 'description'.
> [04/15/19 14:19:10.238]:InternalAD ST: Mapping attr-name
> 'extensionAttribute8' to 'BBCPIMContract'.
> [04/15/19 14:19:10.238]:InternalAD ST: Mapping attr-name
> 'extensionAttribute9' to 'BBCPIMBusinessService'.
> [04/15/19 14:19:10.238]:InternalAD ST: Mapping class-name 'Group' to
> 'group'.
> [04/15/19 14:19:10.238]:InternalAD ST: Applying output transformation
> policies.
> [04/15/19 14:19:10.238]:InternalAD ST: Applying policy:
> %+C%14CNOVLADDCFG-otp-FormatConversions%-C.
> [04/15/19 14:19:10.238]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:10.238]:InternalAD ST: Evaluating selection
> criteria for rule 'accountExpires:Convert to Active Directory form -
> Updated'.
> [04/15/19 14:19:10.238]:InternalAD ST: (if-op-attr
> 'accountExpires' not-equal "0") = TRUE.
> [04/15/19 14:19:10.238]:InternalAD ST: Rule selected.
> [04/15/19 14:19:10.238]:InternalAD ST: Applying rule
> 'accountExpires:Convert to Active Directory form - Updated'.
> [04/15/19 14:19:10.238]:InternalAD ST: Action:
> do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateEpoch2FileTime($current-value+86400)")).
> [04/15/19 14:19:10.254]:InternalAD ST: Evaluating selection
> criteria for rule 'lockoutTime: Convert to Active Directory form'.
> [04/15/19 14:19:10.254]:InternalAD ST: Rule selected.
> [04/15/19 14:19:10.254]:InternalAD ST: Applying rule 'lockoutTime:
> Convert to Active Directory form'.
> [04/15/19 14:19:10.254]:InternalAD ST: Action:
> do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
> [04/15/19 14:19:10.254]:InternalAD ST: Evaluating selection
> criteria for rule 'update Active Directory logon name'.
> [04/15/19 14:19:10.254]:InternalAD ST: (if-xpath true
> "self::status[@level =
> 'success']/operation-data/windows-2000-logon-name") = FALSE.
> [04/15/19 14:19:10.254]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:10.254]:InternalAD ST: Policy returned:
> [04/15/19 14:19:10.254]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMContract">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:10.254]:InternalAD ST: Applying policy:
> %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
> [04/15/19 14:19:10.254]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:10.254]:InternalAD ST: Policy returned:
> [04/15/19 14:19:10.254]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMContract">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:10.254]:InternalAD ST: Applying policy:
> %+C%14CNOVLATRKBASE-otp-Subscribe%-C.
> [04/15/19 14:19:10.269]:InternalAD ST: Applying to add #1.
> [04/15/19 14:19:10.269]:InternalAD ST: Policy returned:
> [04/15/19 14:19:10.269]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMContract">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:10.269]:InternalAD ST: Submitting document to
> subscriber shim:
> [04/15/19 14:19:10.269]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMContract">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver:
> Sending...
> [04/15/19 14:19:10.269]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMContract">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver:
> Document sent.
> [04/15/19 14:19:11.368]:InternalAD :Remote Interface Driver: Received.
> [04/15/19 14:19:11.368]:InternalAD :
> <nds dtdversion="2.0">
> <source>
> <product build="201409041500" version="4.5"/>
> <contact/>
> </source>
> <output>
> <status
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> level="success">Add event succeeded</status>
> </output>
> </nds>
> [04/15/19 14:19:11.369]:InternalAD :Remote Interface Driver: Received
> document for subscriber channel
> [04/15/19 14:19:11.369]:InternalAD :Remote Interface Driver: Waiting for
> receive...
> [04/15/19 14:19:11.370]:InternalAD ST: SubscriptionShim.execute()
> returned:
> [04/15/19 14:19:11.370]:InternalAD ST:
> <nds dtdversion="2.0">
> <source>
> <product build="201409041500" version="4.5"/>
> <contact/>
> </source>
> <output>
> <status
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> level="success">Add event succeeded</status>
> </output>
> </nds>
> [04/15/19 14:19:11.371]:InternalAD ST: Applying input transformation
> policies.
> [04/15/19 14:19:11.371]:InternalAD ST: Applying policy:
> %+C%14CNOVLATRKBASE-itp-Publish%-C.
> [04/15/19 14:19:11.372]:InternalAD ST: Applying to status #1.
> [04/15/19 14:19:11.372]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - disregard if disabled or wrong
> object class'.
> [04/15/19 14:19:11.373]:InternalAD ST: Rule selected.
> [04/15/19 14:19:11.373]:InternalAD ST: Applying rule
> 'AccountTracking - disregard if disabled or wrong object class'.
> [04/15/19 14:19:11.373]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.373]:InternalAD ST: Evaluating conditions.
> [04/15/19 14:19:11.374]:InternalAD ST: (if-global-variable
> 'drv.acctTrk.enable' not-equal "true") = FALSE.
> [04/15/19 14:19:11.374]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.374]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.375]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.375]:InternalAD ST: (if-class-name
> available) = FALSE.
> [04/15/19 14:19:11.375]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.376]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - on add-association sync the
> operation-properties to status operations'.
> [04/15/19 14:19:11.376]:InternalAD ST: (if-operation equal
> "add-association") = FALSE.
> [04/15/19 14:19:11.377]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.377]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - Query for destination DN using
> Association'.
> [04/15/19 14:19:11.377]:InternalAD ST: (if-operation match
> "modify|delete|move|rename") = FALSE.
> [04/15/19 14:19:11.378]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.378]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - add interested properties to
> current doc for future use.'.
> [04/15/19 14:19:11.378]:InternalAD ST: (if-operation match
> "add|modify|delete|rename|move|status") = TRUE.
> [04/15/19 14:19:11.379]:InternalAD ST: Rule selected.
> [04/15/19 14:19:11.379]:InternalAD ST: Applying rule
> 'AccountTracking - add interested properties to current doc for future
> use.'.
> [04/15/19 14:19:11.380]:InternalAD ST: Action:
> do-for-each(arg-node-set(token-global-variable("drv.acctTrk.identifiers"))).
> [04/15/19 14:19:11.380]:InternalAD ST:
> arg-node-set(token-global-variable("drv.acctTrk.identifiers"))
> [04/15/19 14:19:11.380]:InternalAD ST:
> token-global-variable("drv.acctTrk.identifiers")
> [04/15/19 14:19:11.381]:InternalAD ST: Token Value:
> {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
> [04/15/19 14:19:11.381]:InternalAD ST: Arg Value:
> {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
> [04/15/19 14:19:11.382]:InternalAD ST: Performing actions for
> local-variable(current-node) = "sAMAccountName".
> [04/15/19 14:19:11.382]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.382]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.383]:InternalAD ST: (if-local-variable
> 'current-node' equal "LDAPDN") = FALSE.
> [04/15/19 14:19:11.383]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.384]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.384]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.384]:InternalAD ST:
> (if-local-variable 'current-node' equal "association") = FALSE.
> [04/15/19 14:19:11.385]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.385]:InternalAD ST: Action:
> do-if().
> [04/15/19 14:19:11.385]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.385]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'sAMAccountName'.
> [04/15/19 14:19:11.386]:InternalAD ST:
> (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
> [04/15/19 14:19:11.386]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'sAMAccountName'.
> [04/15/19 14:19:11.387]:InternalAD ST:
> (if-op-attr '$current-node$' available) = FALSE.
> [04/15/19 14:19:11.387]:InternalAD ST: Performing
> else actions.
> [04/15/19 14:19:11.388]:InternalAD ST: Performing actions for
> local-variable(current-node) = "userPrincipalName".
> [04/15/19 14:19:11.388]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.388]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.388]:InternalAD ST: (if-local-variable
> 'current-node' equal "LDAPDN") = FALSE.
> [04/15/19 14:19:11.389]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.389]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.389]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.390]:InternalAD ST:
> (if-local-variable 'current-node' equal "association") = FALSE.
> [04/15/19 14:19:11.390]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.390]:InternalAD ST: Action:
> do-if().
> [04/15/19 14:19:11.391]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.391]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'userPrincipalName'.
> [04/15/19 14:19:11.391]:InternalAD ST:
> (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
> [04/15/19 14:19:11.392]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'userPrincipalName'.
> [04/15/19 14:19:11.392]:InternalAD ST:
> (if-op-attr '$current-node$' available) = FALSE.
> [04/15/19 14:19:11.393]:InternalAD ST: Performing
> else actions.
> [04/15/19 14:19:11.393]:InternalAD ST: Performing actions for
> local-variable(current-node) = "LDAPDN".
> [04/15/19 14:19:11.394]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.394]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.394]:InternalAD ST: (if-local-variable
> 'current-node' equal "LDAPDN") = TRUE.
> [04/15/19 14:19:11.394]:InternalAD ST: Expanded variable
> reference '$current-node$' to 'LDAPDN'.
> [04/15/19 14:19:11.395]:InternalAD ST: (if-op-property
> 'AccountTracking-$current-node$' not-available) = TRUE.
> [04/15/19 14:19:11.395]:InternalAD ST: (if-src-dn
> available) = FALSE.
> [04/15/19 14:19:11.396]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.396]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.396]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.396]:InternalAD ST:
> (if-local-variable 'current-node' equal "association") = FALSE.
> [04/15/19 14:19:11.397]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.397]:InternalAD ST: Action:
> do-if().
> [04/15/19 14:19:11.397]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.398]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'LDAPDN'.
> [04/15/19 14:19:11.398]:InternalAD ST:
> (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
> [04/15/19 14:19:11.399]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'LDAPDN'.
> [04/15/19 14:19:11.399]:InternalAD ST:
> (if-op-attr '$current-node$' available) = FALSE.
> [04/15/19 14:19:11.400]:InternalAD ST: Performing
> else actions.
> [04/15/19 14:19:11.400]:InternalAD ST: Performing actions for
> local-variable(current-node) = "association".
> [04/15/19 14:19:11.400]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.400]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.401]:InternalAD ST: (if-local-variable
> 'current-node' equal "LDAPDN") = FALSE.
> [04/15/19 14:19:11.401]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.401]:InternalAD ST: Action: do-if().
> [04/15/19 14:19:11.402]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.402]:InternalAD ST:
> (if-local-variable 'current-node' equal "association") = TRUE.
> [04/15/19 14:19:11.402]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'association'.
> [04/15/19 14:19:11.403]:InternalAD ST:
> (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
> [04/15/19 14:19:11.403]:InternalAD ST:
> (if-association available) = FALSE.
> [04/15/19 14:19:11.404]:InternalAD ST: Performing else
> actions.
> [04/15/19 14:19:11.404]:InternalAD ST: Action:
> do-if().
> [04/15/19 14:19:11.404]:InternalAD ST: Evaluating
> conditions.
> [04/15/19 14:19:11.405]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'association'.
> [04/15/19 14:19:11.405]:InternalAD ST:
> (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
> [04/15/19 14:19:11.405]:InternalAD ST: Expanded
> variable reference '$current-node$' to 'association'.
> [04/15/19 14:19:11.406]:InternalAD ST:
> (if-op-attr '$current-node$' available) = FALSE.
> [04/15/19 14:19:11.406]:InternalAD ST: Performing
> else actions.
> [04/15/19 14:19:11.407]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - Initialize status properties on
> published events'.
> [04/15/19 14:19:11.407]:InternalAD ST: (if-operation match
> "add|modify|delete|rename|move") = FALSE.
> [04/15/19 14:19:11.408]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.408]:InternalAD ST: Policy returned:
> [04/15/19 14:19:11.408]:InternalAD ST:
> <nds dtdversion="2.0">
> <source>
> <product build="201409041500" version="4.5"/>
> <contact/>
> </source>
> <output>
> <status
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> level="success">Add event succeeded</status>
> </output>
> </nds>
> [04/15/19 14:19:11.409]:InternalAD ST: Applying policy:
> %+C%14CNOVLATRKBASE-itp-WriteAccounts%-C.
> [04/15/19 14:19:11.409]:InternalAD ST: Applying to status #1.
> [04/15/19 14:19:11.410]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - Initialize Realm Mapping'.
> [04/15/19 14:19:11.410]:InternalAD ST: (if-global-variable
> 'drv.acctTrk.enable' equal "true") = TRUE.
> [04/15/19 14:19:11.411]:InternalAD ST: (if-global-variable
> 'drv.acctTrk.mode' equal "fanout") = FALSE.
> [04/15/19 14:19:11.411]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.411]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - disregard if disabled'.
> [04/15/19 14:19:11.412]:InternalAD ST: (if-global-variable
> 'drv.acctTrk.enable' not-equal "true") = FALSE.
> [04/15/19 14:19:11.412]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.412]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
> [04/15/19 14:19:11.413]:InternalAD ST: (if-op-property
> 'AccountTracking-ObjectDN' available) = FALSE.
> [04/15/19 14:19:11.413]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.413]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - remove Dirxml-Account values on
> regular delete operation'.
> [04/15/19 14:19:11.414]:InternalAD ST: (if-operation match
> "delete|remove-association") = FALSE.
> [04/15/19 14:19:11.414]:InternalAD ST: (if-operation equal
> "status") = TRUE.
> [04/15/19 14:19:11.415]:InternalAD ST: (if-op-property
> 'AccountTracking-ObjectDN' available) = FALSE.
> [04/15/19 14:19:11.415]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.415]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - update DirXMLAccounts attribute on
> regular operations'.
> [04/15/19 14:19:11.416]:InternalAD ST: (if-op-property
> 'AccountTracking-Operation' not-available) = TRUE.
> [04/15/19 14:19:11.416]:InternalAD ST: (if-op-property
> 'AccountTracking-ObjectDN' available) = FALSE.
> [04/15/19 14:19:11.417]:InternalAD ST: (if-operation equal
> "status") = TRUE.
> [04/15/19 14:19:11.417]:InternalAD ST: (if-xpath true
> "./@level='success' or ./@level='warning'") = TRUE.
> [04/15/19 14:19:11.417]:InternalAD ST: (if-op-property
> 'AccountTracking-Operation' available) = FALSE.
> [04/15/19 14:19:11.418]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.418]:InternalAD ST: Evaluating selection
> criteria for rule 'AccountTracking - update DirXMLAccounts attribute on
> mapped operations'.
> [04/15/19 14:19:11.419]:InternalAD ST: (if-xpath true
> "operation-data/account-tracking-operation") = FALSE.
> [04/15/19 14:19:11.419]:InternalAD ST: (if-xpath true
> "operation-data/account-tracking-operation") = FALSE.
> [04/15/19 14:19:11.419]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.420]:InternalAD ST: Policy returned:
> [04/15/19 14:19:11.420]:InternalAD ST:
> <nds dtdversion="2.0">
> <source>
> <product build="201409041500" version="4.5"/>
> <contact/>
> </source>
> <output>
> <status
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> level="success">Add event succeeded</status>
> </output>
> </nds>
> [04/15/19 14:19:11.421]:InternalAD ST: Applying policy:
> %+C%14CNOVLADDCFG-itp-SubscriberUserAdd%-C.
> [04/15/19 14:19:11.421]:InternalAD ST: Applying to status #1.
> [04/15/19 14:19:11.422]:InternalAD ST: Evaluating selection
> criteria for rule 'display operation'.
> [04/15/19 14:19:11.422]:InternalAD ST: Rule selected.
> [04/15/19 14:19:11.422]:InternalAD ST: Applying rule 'display
> operation'.
> [04/15/19 14:19:11.423]:InternalAD ST: Action:
> do-trace-message(token-operation()).
> [04/15/19 14:19:11.423]:InternalAD ST:
> arg-string(token-operation())
> [04/15/19 14:19:11.423]:InternalAD ST: token-operation()
> [04/15/19 14:19:11.423]:InternalAD ST: Token Value:
> "status".
> [04/15/19 14:19:11.424]:InternalAD ST: Arg Value: "status".
> [04/15/19 14:19:11.424]:InternalAD ST:status
> [04/15/19 14:19:11.424]:InternalAD ST: Evaluating selection
> criteria for rule 'Populate DirXML-ADContext on initial user add'.
> [04/15/19 14:19:11.425]:InternalAD ST: (if-operation equal
> "add-association") = FALSE.
> [04/15/19 14:19:11.425]:InternalAD ST: (if-operation equal
> "status") = TRUE.
> [04/15/19 14:19:11.425]:InternalAD ST: (if-association
> associated) = FALSE.
> [04/15/19 14:19:11.426]:InternalAD ST: Rule rejected.
> [04/15/19 14:19:11.426]:InternalAD ST: Policy returned:
> [04/15/19 14:19:11.426]:InternalAD ST:
> <nds dtdversion="2.0">
> <source>
> <product build="201409041500" version="4.5"/>
> <contact/>
> </source>
> <output>
> <status
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> level="success">Add event succeeded</status>
> </output>
> </nds>
>
>


0 Likes
sivaramtm Super Contributor.
Super Contributor.

Re: How to sync extensionAttributes from IDM to Active Direc

No the group object get create in AD when i disable adding of these extension attributes. The error in log is due to sending mail.
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

On 4/15/2019 10:36 AM, sivaramtm wrote:
>
> No the group object get create in AD when i disable adding of these
> extension attributes. The error in log is due to sending mail.


Perhaps. But the error I called out is NOT The Send Email error, you
have a different one. It is possible to have manyissues in one event,
like an onion you need to peel back all the layers.


0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

On 04/15/2019 07:34 AM, sivaramtm wrote:
>
> Log with trace level 10.
>
> [04/15/19 14:19:10.191]:InternalAD ST: Action:
> do-add-dest-attr-value("extensionAttribute8",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMContract")).
> [04/15/19 14:19:10.191]:InternalAD ST:
> arg-dn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> arg-string(token-op-attr("BBCPIMContract"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-op-attr("BBCPIMContract")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Action:
> do-add-dest-attr-value("extensionAttribute9",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMBusinessService")).
> [04/15/19 14:19:10.207]:InternalAD ST:
> arg-dn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> arg-string(token-op-attr("BBCPIMBusinessService"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-op-attr("BBCPIMBusinessService")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "en~testbus1|da~testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Action:
> do-send-email-from-template(notification-dn="Security\Default
> Notification Collection",template-dn="Security\Default Notification
> Collection\test-mail-PIM-AD-Group-Creation","zrm@BBC.dk",token-local-variable("lvPIMADGrp"),token-attr("CN")).
> [04/15/19 14:19:10.207]:InternalAD ST: cc("zrm@BBC.dk")
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-text("zrm@BBC.dk")
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "zrm@BBC.dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> sourcedn(token-local-variable("lvPIMADGrp"))
> [04/15/19 14:19:10.207]:InternalAD ST:
> token-local-variable("lvPIMADGrp")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
> [04/15/19 14:19:10.207]:InternalAD ST:
> groupname(token-attr("CN"))
> [04/15/19 14:19:10.207]:InternalAD ST: token-attr("CN")
> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
> "testbus1".
> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "testbus1".
> [04/15/19 14:19:10.222]:InternalAD ST:
> DirXML Log Event -------------------
> Driver: \BBCIDV\system\driverset1\AD-Internal-BBC
> Channel: Subscriber
> Status: Error
> Message: Code(-9195) Error in
> vnd.nds.stream://BBCIDV/system/driverset1/AD-Internal-BBC/Subscriber/Allow+or+veto+role+add+events#XmlData:340
> : Couldn't send email: java.lang.NullPointerException
> [04/15/19 14:19:10.238]:InternalAD ST: Direct command from policy
> [04/15/19 14:19:10.238]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="Group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="Description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="extensionAttribute8">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="extensionAttribute9">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>


The stuff above is what was generated by your actions, so that looks okay
to me so far. Skipping ahead we find the final schema-mapped stuff being
sent to microsoft active directory (MAD):

> [04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver:
> Sending...
> [04/15/19 14:19:10.269]:InternalAD ST:
> <nds dtdversion="4.0" ndsversion="8.x">
> <source>
> <product edition="Advanced" version="4.6.3.0">DirXML</product>
> <contact>NetIQ Corporation</contact>
> </source>
> <input>
> <add class-name="group"
> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
> <add-attr attr-name="samAccountName">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="description">
> <value type="string">testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMContract">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> <add-attr attr-name="BBCPIMBusinessService">
> <value type="string">en~testbus1|da~testbus1</value>
> </add-attr>
> </add>
> </input>
> </nds>
> [04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver:
> Document sent.


We also see what was sent back from the driver (shim):

> [04/15/19 14:19:11.368]:InternalAD :Remote Interface Driver: Received.
> [04/15/19 14:19:11.368]:InternalAD :
> <nds dtdversion="2.0">
> <source>
> <product build="201409041500" version="4.5"/>
> <contact/>
> </source>
> <output>
> <status
> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
> level="success">Add event succeeded</status>
> </output>
> </nds>


That all looks pretty good, and it even indicates 'Add event succeeded'
which is pretty positive. Are you SURE that the object was not created?
MAD is notorious for slow replication times. If you were to send through
this exact event again, would you see the same thing? An error about a
duplicate object or something? How, with lots of detail, are you
verifying the group object does NOT exist? To which box are you
connecting, using which tools, etc.?

Looking at the shim version there, you can see it is from 2014, which was
an eternity ago. You may want to try upgrading to the latest shim on the
Remote Loader (RL) side, which may requiring newer licenses on the engine
side, in case there is an ancient bug out there which you are hitting
where the response back to the shim is incomplete, or just wrong. I seem
to remember an old issue where, if you lacked one of the XML properties,
the shim could silently drop the event, but I think it was something David
reported a long time ago, and it may have been for a completely different
driver (shim).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

On 4/15/2019 1:08 PM, ab wrote:
> On 04/15/2019 07:34 AM, sivaramtm wrote:
>>
>> Log with trace level 10.
>>
>> [04/15/19 14:19:10.191]:InternalAD ST: Action:
>> do-add-dest-attr-value("extensionAttribute8",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMContract")).
>> [04/15/19 14:19:10.191]:InternalAD ST:
>> arg-dn(token-local-variable("lvPIMADGrp"))
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> token-local-variable("lvPIMADGrp")
>> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
>> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
>> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
>> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> arg-string(token-op-attr("BBCPIMContract"))
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> token-op-attr("BBCPIMContract")
>> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
>> "en~testbus1|da~testbus1".
>> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
>> "en~testbus1|da~testbus1".
>> [04/15/19 14:19:10.207]:InternalAD ST: Action:
>> do-add-dest-attr-value("extensionAttribute9",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-op-attr("BBCPIMBusinessService")).
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> arg-dn(token-local-variable("lvPIMADGrp"))
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> token-local-variable("lvPIMADGrp")
>> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
>> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
>> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
>> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> arg-string(token-op-attr("BBCPIMBusinessService"))
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> token-op-attr("BBCPIMBusinessService")
>> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
>> "en~testbus1|da~testbus1".
>> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
>> "en~testbus1|da~testbus1".
>> [04/15/19 14:19:10.207]:InternalAD ST: Action:
>> do-send-email-from-template(notification-dn="Security\Default
>> Notification Collection",template-dn="Security\Default Notification
>> Collection\test-mail-PIM-AD-Group-Creation","zrm@BBC.dk",token-local-variable("lvPIMADGrp"),token-attr("CN")).
>> [04/15/19 14:19:10.207]:InternalAD ST: cc("zrm@BBC.dk")
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> token-text("zrm@BBC.dk")
>> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
>> "zrm@BBC.dk".
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> sourcedn(token-local-variable("lvPIMADGrp"))
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> token-local-variable("lvPIMADGrp")
>> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
>> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
>> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value:
>> "CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk".
>> [04/15/19 14:19:10.207]:InternalAD ST:
>> groupname(token-attr("CN"))
>> [04/15/19 14:19:10.207]:InternalAD ST: token-attr("CN")
>> [04/15/19 14:19:10.207]:InternalAD ST: Token Value:
>> "testbus1".
>> [04/15/19 14:19:10.207]:InternalAD ST: Arg Value: "testbus1".
>> [04/15/19 14:19:10.222]:InternalAD ST:
>> DirXML Log Event -------------------
>> Driver: \BBCIDV\system\driverset1\AD-Internal-BBC
>> Channel: Subscriber
>> Status: Error
>> Message: Code(-9195) Error in
>> vnd.nds.stream://BBCIDV/system/driverset1/AD-Internal-BBC/Subscriber/Allow+or+veto+role+add+events#XmlData:340
>> : Couldn't send email: java.lang.NullPointerException
>> [04/15/19 14:19:10.238]:InternalAD ST: Direct command from policy
>> [04/15/19 14:19:10.238]:InternalAD ST:
>> <nds dtdversion="4.0" ndsversion="8.x">
>> <source>
>> <product edition="Advanced" version="4.6.3.0">DirXML</product>
>> <contact>NetIQ Corporation</contact>
>> </source>
>> <input>
>> <add class-name="Group"
>> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
>> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
>> <add-attr attr-name="samAccountName">
>> <value type="string">testbus1</value>
>> </add-attr>
>> <add-attr attr-name="Description">
>> <value type="string">testbus1</value>
>> </add-attr>
>> <add-attr attr-name="extensionAttribute8">
>> <value type="string">en~testbus1|da~testbus1</value>
>> </add-attr>
>> <add-attr attr-name="extensionAttribute9">
>> <value type="string">en~testbus1|da~testbus1</value>
>> </add-attr>
>> </add>
>> </input>
>> </nds>

>
> The stuff above is what was generated by your actions, so that looks okay
> to me so far. Skipping ahead we find the final schema-mapped stuff being
> sent to microsoft active directory (MAD):
>
>> [04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver:
>> Sending...
>> [04/15/19 14:19:10.269]:InternalAD ST:
>> <nds dtdversion="4.0" ndsversion="8.x">
>> <source>
>> <product edition="Advanced" version="4.6.3.0">DirXML</product>
>> <contact>NetIQ Corporation</contact>
>> </source>
>> <input>
>> <add class-name="group"
>> dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
>> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">
>> <add-attr attr-name="samAccountName">
>> <value type="string">testbus1</value>
>> </add-attr>
>> <add-attr attr-name="description">
>> <value type="string">testbus1</value>
>> </add-attr>
>> <add-attr attr-name="BBCPIMContract">
>> <value type="string">en~testbus1|da~testbus1</value>
>> </add-attr>
>> <add-attr attr-name="BBCPIMBusinessService">
>> <value type="string">en~testbus1|da~testbus1</value>
>> </add-attr>
>> </add>
>> </input>
>> </nds>
>> [04/15/19 14:19:10.269]:InternalAD ST: Remote Interface Driver:
>> Document sent.

>
> We also see what was sent back from the driver (shim):
>
>> [04/15/19 14:19:11.368]:InternalAD :Remote Interface Driver: Received.
>> [04/15/19 14:19:11.368]:InternalAD :
>> <nds dtdversion="2.0">
>> <source>
>> <product build="201409041500" version="4.5"/>
>> <contact/>
>> </source>
>> <output>
>> <status
>> event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0"
>> level="success">Add event succeeded</status>
>> </output>
>> </nds>

>
> That all looks pretty good, and it even indicates 'Add event succeeded'
> which is pretty positive. Are you SURE that the object was not created?
> MAD is notorious for slow replication times. If you were to send through
> this exact event again, would you see the same thing? An error about a
> duplicate object or something? How, with lots of detail, are you
> verifying the group object does NOT exist? To which box are you
> connecting, using which tools, etc.?
>
> Looking at the shim version there, you can see it is from 2014, which was
> an eternity ago. You may want to try upgrading to the latest shim on the
> Remote Loader (RL) side, which may requiring newer licenses on the engine
> side, in case there is an ancient bug out there which you are hitting
> where the response back to the shim is incomplete, or just wrong. I seem
> to remember an old issue where, if you lacked one of the XML properties,
> the shim could silently drop the event, but I think it was something David
> reported a long time ago, and it may have been for a completely different
> driver (shim).



The issue you are remembering is if you miss the object class, it drops
the event silently.

<add class-name="group"
dest-dn="CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk"
event-id="BBCDBS0015-NDS#20190415121909#2#1:ea63ed3a-2cea-46b0-b505-830479f275f0">

So this does include the object class (class-name) so not likely that issue.


0 Likes
sivaramtm Super Contributor.
Super Contributor.

Re: How to sync extensionAttributes from IDM to Active Direc

As i mentioned earlier Group object creation works when i disable adding the extension attributes in AD Driver. Any suggestions on other changes required to do in IDM or AD to sync these attributes.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

On 04/16/2019 06:44 AM, sivaramtm wrote:
>
> As i mentioned earlier Group object creation works when i disable adding
> the extension attributes in AD Driver. Any suggestions on other changes
> required to do in IDM or AD to sync these attributes.


With the object never being created it would seem that either microsoft
active directory (MAD) is misreporting the failure to create, or the MAD
IDM driver (shim) is misinterpreting the data from MAD which indicates a
failure. Neither seems particularly likely, and I'm not sure how to
monitor the communication between the shim and MAD without just turning
the Remote Loader (RL) trace level up to at least five (5), but you could
also test the create via LDAP to see if that works at all:


dn: CN=testbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmdev,DC=BBC,DC=dk
changetype: add
objectClass: group
samAccountName: testbus1
description: testbus1
BBCPIMContract: en~testbus1|da~testbus1
BBCPIMBusinessService: en~testbus1|da~testbus1



Use Apache Directory Studio, or 'ldapmodify', or something equivalent to
apply that to MAD and see if the create works. If so, or if not, post
back the results. A few things may happen:

1. You'll get an error that the object already exists. If so, MAD is
broken since you are not seeing it, but everything in IDM is working properly.
2. You may get an error on create because of the attributes, or their
values. If so, fix those, and the old IDM driver (shim) you have then has
a bug where the failure is not being reported back to IDM properly, but
you need to get on a current version to report a bug.
3. You may get a success all around, in which case something is wrong
with your outdated MAD driver (shim); again, you should upgrade and test
with something current so a bug can be reported, unless the new version
fixes the issue.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
sivaramtm Super Contributor.
Super Contributor.

Re: How to sync extensionAttributes from IDM to Active Direc

Hi,

Please find the new error.

[04/17/19 12:42:19.189]:InternalAD ST:Start transaction.
[04/17/19 12:42:19.189]:InternalAD ST:type(add-entry)entry-id(554819) dn(\T=BBCIDV\O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1) class-id(2318) class-name(nrfRole)
[04/17/19 12:42:19.190]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=CN, string=tstpimgrpbus1
[04/17/19 12:42:19.191]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=nrfLocalizedDescrs, string=en~tstpimgrpbus1|da~tstpimgrpbus1
[04/17/19 12:42:19.191]:InternalAD ST:type(add-value)Syntax=SYNTAX_CI_STRING, attributeName=nrfLocalizedNames, string=en~tstpimgrpbus1|da~tstpimgrpbus1
[04/17/19 12:42:19.192]:InternalAD ST:Processing events for transaction.
[04/17/19 12:42:19.193]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.198]:InternalAD ST:Applying event transformation policies.
[04/17/19 12:42:19.199]:InternalAD ST:Applying policy: %+C%14CRemove Role and resource%-C.
[04/17/19 12:42:19.199]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.199]:InternalAD ST: Evaluating selection criteria for rule 'Veto add event for ShareDrive'.
[04/17/19 12:42:19.200]:InternalAD ST: (if-class-name equal "BBCADShareDrive") = FALSE.
[04/17/19 12:42:19.200]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.201]:InternalAD ST: Evaluating selection criteria for rule 'Veto Modify event for ShareDrive'.
[04/17/19 12:42:19.201]:InternalAD ST: (if-class-name equal "BBCADShareDrive") = FALSE.
[04/17/19 12:42:19.202]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.202]:InternalAD ST: Evaluating selection criteria for rule 'Remove ADGroup Resource Role for Share drive'.
[04/17/19 12:42:19.202]:InternalAD ST: (if-class-name equal "BBCADShareDrive") = FALSE.
[04/17/19 12:42:19.203]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.203]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.203]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.209]:InternalAD ST:Applying policy: %+C%14CDelete_Event%-C.
[04/17/19 12:42:19.209]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.209]:InternalAD ST: Evaluating selection criteria for rule 'veto Delete Event Subscriber'.
[04/17/19 12:42:19.210]:InternalAD ST: (if-operation equal "delete") = FALSE.
[04/17/19 12:42:19.210]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.210]:InternalAD ST: Evaluating selection criteria for rule 'Delete_Group_in_IDM'.
[04/17/19 12:42:19.211]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/17/19 12:42:19.211]:InternalAD ST: (if-operation equal "delete") = FALSE.
[04/17/19 12:42:19.212]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.212]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.212]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.218]:InternalAD ST:Applying policy: %+C%14CUnlock AD Account%-C.
[04/17/19 12:42:19.218]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.219]:InternalAD ST: Evaluating selection criteria for rule 'Unlock AD user accounts if BBCadunlock is set to true'.
[04/17/19 12:42:19.219]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.220]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.220]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.220]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.225]:InternalAD ST:Applying policy: %+C%14CVeto modify event for deleted users if modified in IDM%-C.
[04/17/19 12:42:19.226]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.226]:InternalAD ST: Evaluating selection criteria for rule 'Veto modify event for deleted users if modified in IDM'.
[04/17/19 12:42:19.227]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.227]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.227]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.227]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.232]:InternalAD ST:Applying policy: %+C%14CDelete user in AD if disabled for long time%-C.
[04/17/19 12:42:19.233]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.233]:InternalAD ST: Evaluating selection criteria for rule 'Delete user in AD if disabled for long time - Flag set by workflow'.
[04/17/19 12:42:19.234]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.234]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.235]:InternalAD ST: Evaluating selection criteria for rule 'delete leaf objects of a user container'.
[04/17/19 12:42:19.235]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.236]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.236]:InternalAD ST: Evaluating selection criteria for rule 'delete leaf objects of a user container - modified'.
[04/17/19 12:42:19.237]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.237]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.237]:InternalAD ST: Evaluating selection criteria for rule 'delete leaf objects of a user container-2'.
[04/17/19 12:42:19.238]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.238]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.238]:InternalAD ST: Evaluating selection criteria for rule 'Child Object Test'.
[04/17/19 12:42:19.239]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.239]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.239]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.240]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.244]:InternalAD ST:Applying policy: %+C%14CAllow or veto role add events%-C.
[04/17/19 12:42:19.245]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.245]:InternalAD ST: Evaluating selection criteria for rule 'Veto if not a AD Role add event'.
[04/17/19 12:42:19.245]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/17/19 12:42:19.246]:InternalAD ST: (if-operation equal "add") = TRUE.
[04/17/19 12:42:19.246]:InternalAD ST: (if-src-dn not-in-container "system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level20\ADRoles") = TRUE.
[04/17/19 12:42:19.246]:InternalAD ST: (if-src-dn not-in-subtree "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM") = FALSE.
[04/17/19 12:42:19.247]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.247]:InternalAD ST: Evaluating selection criteria for rule 'Create group if ADD role is created in IDM'.
[04/17/19 12:42:19.248]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/17/19 12:42:19.248]:InternalAD ST: (if-src-dn in-container "system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level20\ADRoles") = FALSE.
[04/17/19 12:42:19.249]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.249]:InternalAD ST: Evaluating selection criteria for rule 'Create PIM Group if ADD role is created in IDM'.
[04/17/19 12:42:19.249]:InternalAD ST: (if-class-name equal "nrfRole") = TRUE.
[04/17/19 12:42:19.250]:InternalAD ST: (if-src-dn in-subtree "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM") = TRUE.
[04/17/19 12:42:19.250]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.250]:InternalAD ST: Applying rule 'Create PIM Group if ADD role is created in IDM'.
[04/17/19 12:42:19.251]:InternalAD ST: Action: do-set-local-variable("lv_Pim_sbcnt",scope="policy",token-substring(start="83",token-src-dn())).
[04/17/19 12:42:19.251]:InternalAD ST: arg-string(token-substring(start="83",token-src-dn()))
[04/17/19 12:42:19.252]:InternalAD ST: token-substring(start="83",token-src-dn())
[04/17/19 12:42:19.252]:InternalAD ST: token-substring(start="83",token-src-dn())
[04/17/19 12:42:19.252]:InternalAD ST: token-src-dn()
[04/17/19 12:42:19.253]:InternalAD ST: Token Value: "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1".
[04/17/19 12:42:19.253]:InternalAD ST: Arg Value: "\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1".
[04/17/19 12:42:19.254]:InternalAD ST: Token Value: "\Prod\Onsite-Access\tstpimgrpbus1".
[04/17/19 12:42:19.255]:InternalAD ST: Arg Value: "\Prod\Onsite-Access\tstpimgrpbus1".
[04/17/19 12:42:19.255]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADcnt",scope="policy",token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))).
[04/17/19 12:42:19.256]:InternalAD ST: arg-string(token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt")))
[04/17/19 12:42:19.256]:InternalAD ST: token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))
[04/17/19 12:42:19.257]:InternalAD ST: token-replace-all("\\","%,OU=",token-local-variable("lv_Pim_sbcnt"))
[04/17/19 12:42:19.257]:InternalAD ST: token-local-variable("lv_Pim_sbcnt")
[04/17/19 12:42:19.257]:InternalAD ST: Token Value: "\Prod\Onsite-Access\tstpimgrpbus1".
[04/17/19 12:42:19.258]:InternalAD ST: Arg Value: "\Prod\Onsite-Access\tstpimgrpbus1".
[04/17/19 12:42:19.258]:InternalAD ST: Token Value: "%,OU=Prod%,OU=Onsite-Access%,OU=tstpimgrpbus1".
[04/17/19 12:42:19.259]:InternalAD ST: Arg Value: "%,OU=Prod%,OU=Onsite-Access%,OU=tstpimgrpbus1".
[04/17/19 12:42:19.259]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADcntfinal",scope="policy",arg-node-set(token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt")))).
[04/17/19 12:42:19.260]:InternalAD ST: arg-node-set(token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt")))
[04/17/19 12:42:19.260]:InternalAD ST: token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt"))
[04/17/19 12:42:19.260]:InternalAD ST: token-split("%",csv="true",token-local-variable("lv_Pim_ADcnt"))
[04/17/19 12:42:19.261]:InternalAD ST: token-local-variable("lv_Pim_ADcnt")
[04/17/19 12:42:19.261]:InternalAD ST: Token Value: "%,OU=Prod%,OU=Onsite-Access%,OU=tstpimgrpbus1".
[04/17/19 12:42:19.262]:InternalAD ST: Arg Value: "%,OU=Prod%,OU=Onsite-Access%,OU=tstpimgrpbus1".
[04/17/19 12:42:19.262]:InternalAD ST: Token Value: {"",",OU=Prod",",OU=Onsite-Access",",OU=tstpimgrpbus1"}.
[04/17/19 12:42:19.262]:InternalAD ST: Arg Value: {"",",OU=Prod",",OU=Onsite-Access",",OU=tstpimgrpbus1"}.
[04/17/19 12:42:19.263]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADenvcnt",scope="policy",token-xpath("string($lv_Pim_ADcntfinal[2])")).
[04/17/19 12:42:19.263]:InternalAD ST: arg-string(token-xpath("string($lv_Pim_ADcntfinal[2])"))
[04/17/19 12:42:19.264]:InternalAD ST: token-xpath("string($lv_Pim_ADcntfinal[2])")
[04/17/19 12:42:19.264]:InternalAD ST: Token Value: ",OU=Prod".
[04/17/19 12:42:19.264]:InternalAD ST: Arg Value: ",OU=Prod".
[04/17/19 12:42:19.265]:InternalAD ST: Action: do-set-local-variable("lv_Pim_ADOFON",scope="policy",token-xpath("string($lv_Pim_ADcntfinal[3])")).
[04/17/19 12:42:19.265]:InternalAD ST: arg-string(token-xpath("string($lv_Pim_ADcntfinal[3])"))
[04/17/19 12:42:19.266]:InternalAD ST: token-xpath("string($lv_Pim_ADcntfinal[3])")
[04/17/19 12:42:19.266]:InternalAD ST: Token Value: ",OU=Onsite-Access".
[04/17/19 12:42:19.266]:InternalAD ST: Arg Value: ",OU=Onsite-Access".
[04/17/19 12:42:19.267]:InternalAD ST: Action: do-set-local-variable("lvPIMADGrp",scope="policy","CN="+token-src-attr("CN")+token-local-variable("lv_Pim_ADOFON")+token-local-variable("lv_Pim_ADenvcnt")+","+token-global-variable("PIMGroup-Container")).
[04/17/19 12:42:19.268]:InternalAD ST: arg-string("CN="+token-src-attr("CN")+token-local-variable("lv_Pim_ADOFON")+token-local-variable("lv_Pim_ADenvcnt")+","+token-global-variable("PIMGroup-Container"))
[04/17/19 12:42:19.268]:InternalAD ST: token-text("CN=")
[04/17/19 12:42:19.269]:InternalAD ST: token-src-attr("CN")
[04/17/19 12:42:19.269]:InternalAD ST: Query from policy
[04/17/19 12:42:19.269]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="nrfRole" dest-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" dest-entry-id="554819" scope="entry">
<read-attr attr-name="CN"/>
</query>
</input>
</nds>
[04/17/19 12:42:19.271]:InternalAD ST: Pumping XDS to eDirectory.
[04/17/19 12:42:19.271]:InternalAD ST: Performing operation query for \BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1.
[04/17/19 12:42:19.272]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Duplicating : context = 660668603, tempContext = 660668564
[04/17/19 12:42:19.273]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Calling free on tempContext = 660668564
[04/17/19 12:42:19.274]:InternalAD ST: Query from policy result
[04/17/19 12:42:19.274]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="nrfRole" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819">
<attr attr-name="CN">
<value naming="true" timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[04/17/19 12:42:19.277]:InternalAD ST: Token Value: "tstpimgrpbus1".
[04/17/19 12:42:19.277]:InternalAD ST: token-local-variable("lv_Pim_ADOFON")
[04/17/19 12:42:19.278]:InternalAD ST: Token Value: ",OU=Onsite-Access".
[04/17/19 12:42:19.278]:InternalAD ST: token-local-variable("lv_Pim_ADenvcnt")
[04/17/19 12:42:19.278]:InternalAD ST: Token Value: ",OU=Prod".
[04/17/19 12:42:19.279]:InternalAD ST: token-text(",")
[04/17/19 12:42:19.279]:InternalAD ST: token-global-variable("PIMGroup-Container")
[04/17/19 12:42:19.279]:InternalAD ST: Token Value: "OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.280]:InternalAD ST: Arg Value: "CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.280]:InternalAD ST: Action: do-add-dest-object(class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp"))).
[04/17/19 12:42:19.281]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/17/19 12:42:19.281]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/17/19 12:42:19.282]:InternalAD ST: Token Value: "CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.282]:InternalAD ST: Arg Value: "CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.283]:InternalAD ST: Action: do-add-dest-attr-value("samAccountName",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-src-attr("CN")).
[04/17/19 12:42:19.284]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/17/19 12:42:19.284]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/17/19 12:42:19.284]:InternalAD ST: Token Value: "CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.285]:InternalAD ST: Arg Value: "CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.285]:InternalAD ST: arg-string(token-src-attr("CN"))
[04/17/19 12:42:19.286]:InternalAD ST: token-src-attr("CN")
[04/17/19 12:42:19.286]:InternalAD ST: Token Value: "tstpimgrpbus1".
[04/17/19 12:42:19.286]:InternalAD ST: Arg Value: "tstpimgrpbus1".
[04/17/19 12:42:19.287]:InternalAD ST: Action: do-set-local-variable("LVRDECS",scope="policy",token-src-attr("nrfLocalizedDescrs")).
[04/17/19 12:42:19.287]:InternalAD ST: arg-string(token-src-attr("nrfLocalizedDescrs"))
[04/17/19 12:42:19.287]:InternalAD ST: token-src-attr("nrfLocalizedDescrs")
[04/17/19 12:42:19.288]:InternalAD ST: Query from policy
[04/17/19 12:42:19.288]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<query class-name="nrfRole" dest-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" dest-entry-id="554819" scope="entry">
<read-attr attr-name="nrfLocalizedDescrs"/>
</query>
</input>
</nds>
[04/17/19 12:42:19.290]:InternalAD ST: Pumping XDS to eDirectory.
[04/17/19 12:42:19.291]:InternalAD ST: Performing operation query for \BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1.
[04/17/19 12:42:19.292]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Duplicating : context = 660668603, tempContext = 660668619
[04/17/19 12:42:19.294]:InternalAD ST: --JCLNT-- \BBCIDV\system\driverset1\AD-Internal-BBC : Calling free on tempContext = 660668619
[04/17/19 12:42:19.295]:InternalAD ST: Query from policy result
[04/17/19 12:42:19.295]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<output>
<instance class-name="nrfRole" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819">
<attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</attr>
</instance>
<status level="success"></status>
</output>
</nds>
[04/17/19 12:42:19.301]:InternalAD ST: Token Value: "en~tstpimgrpbus1|da~tstpimgrpbus1".
[04/17/19 12:42:19.302]:InternalAD ST: Arg Value: "en~tstpimgrpbus1|da~tstpimgrpbus1".
[04/17/19 12:42:19.303]:InternalAD ST: Action: do-set-local-variable("LVRDECSNew",scope="policy",token-xpath("substring-before(string($LVRDECS),'|')")).
[04/17/19 12:42:19.304]:InternalAD ST: arg-string(token-xpath("substring-before(string($LVRDECS),'|')"))
[04/17/19 12:42:19.305]:InternalAD ST: token-xpath("substring-before(string($LVRDECS),'|')")
[04/17/19 12:42:19.306]:InternalAD ST: Token Value: "en~tstpimgrpbus1".
[04/17/19 12:42:19.307]:InternalAD ST: Arg Value: "en~tstpimgrpbus1".
[04/17/19 12:42:19.307]:InternalAD ST: Action: do-set-local-variable("lv_grpdesc",scope="policy",token-substring(start="3",token-local-variable("LVRDECSNew"))).
[04/17/19 12:42:19.308]:InternalAD ST: arg-string(token-substring(start="3",token-local-variable("LVRDECSNew")))
[04/17/19 12:42:19.309]:InternalAD ST: token-substring(start="3",token-local-variable("LVRDECSNew"))
[04/17/19 12:42:19.310]:InternalAD ST: token-substring(start="3",token-local-variable("LVRDECSNew"))
[04/17/19 12:42:19.311]:InternalAD ST: token-local-variable("LVRDECSNew")
[04/17/19 12:42:19.312]:InternalAD ST: Token Value: "en~tstpimgrpbus1".
[04/17/19 12:42:19.313]:InternalAD ST: Arg Value: "en~tstpimgrpbus1".
[04/17/19 12:42:19.314]:InternalAD ST: Token Value: "tstpimgrpbus1".
[04/17/19 12:42:19.314]:InternalAD ST: Arg Value: "tstpimgrpbus1".
[04/17/19 12:42:19.315]:InternalAD ST: Action: do-add-dest-attr-value("Description",class-name="Group",direct="true",arg-dn(token-local-variable("lvPIMADGrp")),token-local-variable("lv_grpdesc")).
[04/17/19 12:42:19.317]:InternalAD ST: arg-dn(token-local-variable("lvPIMADGrp"))
[04/17/19 12:42:19.318]:InternalAD ST: token-local-variable("lvPIMADGrp")
[04/17/19 12:42:19.319]:InternalAD ST: Token Value: "CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.320]:InternalAD ST: Arg Value: "CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk".
[04/17/19 12:42:19.320]:InternalAD ST: arg-string(token-local-variable("lv_grpdesc"))
[04/17/19 12:42:19.321]:InternalAD ST: token-local-variable("lv_grpdesc")
[04/17/19 12:42:19.322]:InternalAD ST: Token Value: "tstpimgrpbus1".
[04/17/19 12:42:19.322]:InternalAD ST: Arg Value: "tstpimgrpbus1".
[04/17/19 12:42:19.323]:InternalAD ST: Direct command from policy
[04/17/19 12:42:19.323]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="Group" dest-dn="CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2">
<add-attr attr-name="samAccountName">
<value type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="Description">
<value type="string">tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.331]:InternalAD ST: Fixing up association references.
[04/17/19 12:42:19.331]:InternalAD ST: Applying schema mapping policies to output.
[04/17/19 12:42:19.333]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-smp%-C.
[04/17/19 12:42:19.334]:InternalAD ST: Mapping attr-name 'Description' to 'description'.
[04/17/19 12:42:19.334]:InternalAD ST: Mapping class-name 'Group' to 'group'.
[04/17/19 12:42:19.335]:InternalAD ST: Applying output transformation policies.
[04/17/19 12:42:19.336]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-otp-FormatConversions%-C.
[04/17/19 12:42:19.337]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.338]:InternalAD ST: Evaluating selection criteria for rule 'accountExpires:Convert to Active Directory form - Updated'.
[04/17/19 12:42:19.339]:InternalAD ST: (if-op-attr 'accountExpires' not-equal "0") = TRUE.
[04/17/19 12:42:19.340]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.340]:InternalAD ST: Applying rule 'accountExpires:Convert to Active Directory form - Updated'.
[04/17/19 12:42:19.341]:InternalAD ST: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateEpoch2FileTime($current-value+86400)")).
[04/17/19 12:42:19.342]:InternalAD ST: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
[04/17/19 12:42:19.343]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.344]:InternalAD ST: Applying rule 'lockoutTime: Convert to Active Directory form'.
[04/17/19 12:42:19.345]:InternalAD ST: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
[04/17/19 12:42:19.347]:InternalAD ST: Evaluating selection criteria for rule 'update Active Directory logon name'.
[04/17/19 12:42:19.348]:InternalAD ST: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
[04/17/19 12:42:19.353]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.354]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.354]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2">
<add-attr attr-name="samAccountName">
<value type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.362]:InternalAD ST: Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[04/17/19 12:42:19.363]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.363]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.364]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2">
<add-attr attr-name="samAccountName">
<value type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.369]:InternalAD ST: Applying policy: %+C%14CNOVLATRKBASE-otp-Subscribe%-C.
[04/17/19 12:42:19.370]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.370]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.370]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2">
<add-attr attr-name="samAccountName">
<value type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.375]:InternalAD ST: Submitting document to subscriber shim:
[04/17/19 12:42:19.376]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2">
<add-attr attr-name="samAccountName">
<value type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.385]:InternalAD ST: Remote Interface Driver: Sending...
[04/17/19 12:42:19.386]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=tstpimgrpbus1,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2">
<add-attr attr-name="samAccountName">
<value type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.392]:InternalAD ST: Remote Interface Driver: Document sent.
[04/17/19 12:42:19.426]:InternalAD :Remote Interface Driver: Received.
[04/17/19 12:42:19.427]:InternalAD :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.432]:InternalAD :Remote Interface Driver: Received document for subscriber channel
[04/17/19 12:42:19.433]:InternalAD :Remote Interface Driver: Waiting for receive...
[04/17/19 12:42:19.433]:InternalAD ST: SubscriptionShim.execute() returned:
[04/17/19 12:42:19.435]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.439]:InternalAD ST: Applying input transformation policies.
[04/17/19 12:42:19.440]:InternalAD ST: Applying policy: %+C%14CNOVLATRKBASE-itp-Publish%-C.
[04/17/19 12:42:19.440]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.441]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled or wrong object class'.
[04/17/19 12:42:19.443]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.443]:InternalAD ST: Applying rule 'AccountTracking - disregard if disabled or wrong object class'.
[04/17/19 12:42:19.445]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.445]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.447]:InternalAD ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
[04/17/19 12:42:19.450]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.453]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.455]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.458]:InternalAD ST: (if-class-name available) = FALSE.
[04/17/19 12:42:19.467]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.469]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - on add-association sync the operation-properties to status operations'.
[04/17/19 12:42:19.480]:InternalAD ST: (if-operation equal "add-association") = FALSE.
[04/17/19 12:42:19.484]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.486]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - Query for destination DN using Association'.
[04/17/19 12:42:19.490]:InternalAD ST: (if-operation match "modify|delete|move|rename") = FALSE.
[04/17/19 12:42:19.493]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.495]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - add interested properties to current doc for future use.'.
[04/17/19 12:42:19.499]:InternalAD ST: (if-operation match "add|modify|delete|rename|move|status") = TRUE.
[04/17/19 12:42:19.501]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.501]:InternalAD ST: Applying rule 'AccountTracking - add interested properties to current doc for future use.'.
[04/17/19 12:42:19.501]:InternalAD ST: Action: do-for-each(arg-node-set(token-global-variable("drv.acctTrk.identifiers"))).
[04/17/19 12:42:19.503]:InternalAD ST: arg-node-set(token-global-variable("drv.acctTrk.identifiers"))
[04/17/19 12:42:19.504]:InternalAD ST: token-global-variable("drv.acctTrk.identifiers")
[04/17/19 12:42:19.505]:InternalAD ST: Token Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
[04/17/19 12:42:19.505]:InternalAD ST: Arg Value: {"sAMAccountName","userPrincipalName","LDAPDN","association"}.
[04/17/19 12:42:19.507]:InternalAD ST: Performing actions for local-variable(current-node) = "sAMAccountName".
[04/17/19 12:42:19.509]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.512]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.514]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
[04/17/19 12:42:19.517]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.519]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.522]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.525]:InternalAD ST: (if-local-variable 'current-node' equal "association") = FALSE.
[04/17/19 12:42:19.527]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.529]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.529]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.529]:InternalAD ST: Expanded variable reference '$current-node$' to 'sAMAccountName'.
[04/17/19 12:42:19.530]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/17/19 12:42:19.531]:InternalAD ST: Expanded variable reference '$current-node$' to 'sAMAccountName'.
[04/17/19 12:42:19.532]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/17/19 12:42:19.533]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.534]:InternalAD ST: Performing actions for local-variable(current-node) = "userPrincipalName".
[04/17/19 12:42:19.535]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.536]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.536]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
[04/17/19 12:42:19.537]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.537]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.539]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.539]:InternalAD ST: (if-local-variable 'current-node' equal "association") = FALSE.
[04/17/19 12:42:19.540]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.540]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.541]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.542]:InternalAD ST: Expanded variable reference '$current-node$' to 'userPrincipalName'.
[04/17/19 12:42:19.543]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/17/19 12:42:19.544]:InternalAD ST: Expanded variable reference '$current-node$' to 'userPrincipalName'.
[04/17/19 12:42:19.546]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/17/19 12:42:19.546]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.547]:InternalAD ST: Performing actions for local-variable(current-node) = "LDAPDN".
[04/17/19 12:42:19.548]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.548]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.549]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = TRUE.
[04/17/19 12:42:19.549]:InternalAD ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
[04/17/19 12:42:19.551]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/17/19 12:42:19.552]:InternalAD ST: (if-src-dn available) = FALSE.
[04/17/19 12:42:19.553]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.553]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.554]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.555]:InternalAD ST: (if-local-variable 'current-node' equal "association") = FALSE.
[04/17/19 12:42:19.556]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.557]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.559]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.560]:InternalAD ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
[04/17/19 12:42:19.561]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/17/19 12:42:19.563]:InternalAD ST: Expanded variable reference '$current-node$' to 'LDAPDN'.
[04/17/19 12:42:19.563]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/17/19 12:42:19.564]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.564]:InternalAD ST: Performing actions for local-variable(current-node) = "association".
[04/17/19 12:42:19.565]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.566]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.567]:InternalAD ST: (if-local-variable 'current-node' equal "LDAPDN") = FALSE.
[04/17/19 12:42:19.568]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.569]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.570]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.570]:InternalAD ST: (if-local-variable 'current-node' equal "association") = TRUE.
[04/17/19 12:42:19.572]:InternalAD ST: Expanded variable reference '$current-node$' to 'association'.
[04/17/19 12:42:19.573]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/17/19 12:42:19.575]:InternalAD ST: (if-association available) = FALSE.
[04/17/19 12:42:19.576]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.578]:InternalAD ST: Action: do-if().
[04/17/19 12:42:19.578]:InternalAD ST: Evaluating conditions.
[04/17/19 12:42:19.579]:InternalAD ST: Expanded variable reference '$current-node$' to 'association'.
[04/17/19 12:42:19.580]:InternalAD ST: (if-op-property 'AccountTracking-$current-node$' not-available) = TRUE.
[04/17/19 12:42:19.581]:InternalAD ST: Expanded variable reference '$current-node$' to 'association'.
[04/17/19 12:42:19.581]:InternalAD ST: (if-op-attr '$current-node$' available) = FALSE.
[04/17/19 12:42:19.582]:InternalAD ST: Performing else actions.
[04/17/19 12:42:19.583]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - Initialize status properties on published events'.
[04/17/19 12:42:19.585]:InternalAD ST: (if-operation match "add|modify|delete|rename|move") = FALSE.
[04/17/19 12:42:19.586]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.586]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.587]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.590]:InternalAD ST: Applying policy: %+C%14CNOVLATRKBASE-itp-WriteAccounts%-C.
[04/17/19 12:42:19.591]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.592]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - Initialize Realm Mapping'.
[04/17/19 12:42:19.593]:InternalAD ST: (if-global-variable 'drv.acctTrk.enable' equal "true") = TRUE.
[04/17/19 12:42:19.594]:InternalAD ST: (if-global-variable 'drv.acctTrk.mode' equal "fanout") = FALSE.
[04/17/19 12:42:19.595]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.596]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - disregard if disabled'.
[04/17/19 12:42:19.596]:InternalAD ST: (if-global-variable 'drv.acctTrk.enable' not-equal "true") = FALSE.
[04/17/19 12:42:19.597]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.597]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - query DirXML-Accounts Attribute'.
[04/17/19 12:42:19.598]:InternalAD ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
[04/17/19 12:42:19.600]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.600]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - remove Dirxml-Account values on regular delete operation'.
[04/17/19 12:42:19.601]:InternalAD ST: (if-operation match "delete|remove-association") = FALSE.
[04/17/19 12:42:19.602]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/17/19 12:42:19.603]:InternalAD ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
[04/17/19 12:42:19.603]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.604]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on regular operations'.
[04/17/19 12:42:19.605]:InternalAD ST: (if-op-property 'AccountTracking-Operation' not-available) = TRUE.
[04/17/19 12:42:19.606]:InternalAD ST: (if-op-property 'AccountTracking-ObjectDN' available) = FALSE.
[04/17/19 12:42:19.606]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/17/19 12:42:19.607]:InternalAD ST: (if-xpath true "./@level='success' or ./@level='warning'") = TRUE.
[04/17/19 12:42:19.607]:InternalAD ST: (if-op-property 'AccountTracking-Operation' available) = FALSE.
[04/17/19 12:42:19.608]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.609]:InternalAD ST: Evaluating selection criteria for rule 'AccountTracking - update DirXMLAccounts attribute on mapped operations'.
[04/17/19 12:42:19.611]:InternalAD ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
[04/17/19 12:42:19.611]:InternalAD ST: (if-xpath true "operation-data/account-tracking-operation") = FALSE.
[04/17/19 12:42:19.612]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.613]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.614]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.618]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-itp-SubscriberUserAdd%-C.
[04/17/19 12:42:19.619]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.619]:InternalAD ST: Evaluating selection criteria for rule 'display operation'.
[04/17/19 12:42:19.620]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.620]:InternalAD ST: Applying rule 'display operation'.
[04/17/19 12:42:19.621]:InternalAD ST: Action: do-trace-message(token-operation()).
[04/17/19 12:42:19.622]:InternalAD ST: arg-string(token-operation())
[04/17/19 12:42:19.623]:InternalAD ST: token-operation()
[04/17/19 12:42:19.623]:InternalAD ST: Token Value: "status".
[04/17/19 12:42:19.624]:InternalAD ST: Arg Value: "status".
[04/17/19 12:42:19.625]:InternalAD ST:status
[04/17/19 12:42:19.625]:InternalAD ST: Evaluating selection criteria for rule 'Populate DirXML-ADContext on initial user add'.
[04/17/19 12:42:19.626]:InternalAD ST: (if-operation equal "add-association") = FALSE.
[04/17/19 12:42:19.628]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/17/19 12:42:19.629]:InternalAD ST: (if-association associated) = FALSE.
[04/17/19 12:42:19.630]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.630]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.631]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.637]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-itp-FormatConversions%-C.
[04/17/19 12:42:19.637]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.638]:InternalAD ST: Evaluating selection criteria for rule 'streetAddress: Convert CR-LF to LF'.
[04/17/19 12:42:19.639]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.640]:InternalAD ST: Applying rule 'streetAddress: Convert CR-LF to LF'.
[04/17/19 12:42:19.641]:InternalAD ST: Action: do-reformat-op-attr("streetAddress",token-replace-all("\r\n","\r",token-local-variable("current-value"))).
[04/17/19 12:42:19.643]:InternalAD ST: Evaluating selection criteria for rule 'logonHours: Convert to Login Allowed Time Map form'.
[04/17/19 12:42:19.644]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.644]:InternalAD ST: Applying rule 'logonHours: Convert to Login Allowed Time Map form'.
[04/17/19 12:42:19.645]:InternalAD ST: Action: do-reformat-op-attr("logonHours",token-xpath("jadutil:translateTimeMap2eDir($current-value)")).
[04/17/19 12:42:19.646]:InternalAD ST: Evaluating selection criteria for rule 'accountExpires: Convert to Identity Vault time format'.
[04/17/19 12:42:19.648]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.650]:InternalAD ST: Applying rule 'accountExpires: Convert to Identity Vault time format'.
[04/17/19 12:42:19.650]:InternalAD ST: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[04/17/19 12:42:19.652]:InternalAD ST: Evaluating selection criteria for rule 'lockoutTime: Convert to Identity Vault time format'.
[04/17/19 12:42:19.652]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.653]:InternalAD ST: Applying rule 'lockoutTime: Convert to Identity Vault time format'.
[04/17/19 12:42:19.653]:InternalAD ST: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateFileTime2Epoch($current-value)")).
[04/17/19 12:42:19.656]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.657]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.662]:InternalAD ST: Applying policy: %+C%14CNOVLDATACOLL-itp-DataCollectionQuerySupport%-C.
[04/17/19 12:42:19.663]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.663]:InternalAD ST: Evaluating selection criteria for rule 'Rename @association-ref to @association and change @type from "dn" to "{dn}"'.
[04/17/19 12:42:19.665]:InternalAD ST: (if-operation equal "instance") = FALSE.
[04/17/19 12:42:19.665]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.666]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.666]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.669]:InternalAD ST: Applying policy: %+C%14CNOVLPWDSYNC-itp-EmailOnFailedPwdSub%-C.
[04/17/19 12:42:19.670]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.671]:InternalAD ST: Evaluating selection criteria for rule 'Send e-mail on a failure when subscribing to passwords'.
[04/17/19 12:42:19.672]:InternalAD ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[04/17/19 12:42:19.673]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.673]:InternalAD ST: Evaluating selection criteria for rule 'Send e-mail on failure to reset connected system password using the Identity Vault password'.
[04/17/19 12:42:19.674]:InternalAD ST: (if-global-variable 'notify-user-on-password-dist-failure' equal "true") = FALSE.
[04/17/19 12:42:19.675]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.676]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.677]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.680]:InternalAD ST: Applying policy: %+C%14CNotify when there is error on status%-C.
[04/17/19 12:42:19.682]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.682]:InternalAD ST: Evaluating selection criteria for rule 'Status Error Handling: User Already Associated'.
[04/17/19 12:42:19.684]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/17/19 12:42:19.684]:InternalAD ST: (if-xpath true "./@level='error'") = FALSE.
[04/17/19 12:42:19.685]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.686]:InternalAD ST: Evaluating selection criteria for rule 'Status Error Handling: If remote loader is down'.
[04/17/19 12:42:19.688]:InternalAD ST: (if-operation equal "status") = TRUE.
[04/17/19 12:42:19.689]:InternalAD ST: (if-xpath true "./@level='error'") = FALSE.
[04/17/19 12:42:19.689]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.690]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.690]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.693]:InternalAD ST: Applying policy: %+C%14CVerify account locout time%-C.
[04/17/19 12:42:19.694]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.695]:InternalAD ST: Evaluating selection criteria for rule 'verify account lockout time'.
[04/17/19 12:42:19.697]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.698]:InternalAD ST: Applying rule 'verify account lockout time'.
[04/17/19 12:42:19.699]:InternalAD ST: Action: do-trace-message("accountlockouttimedkk"+token-op-attr("lockoutTime")).
[04/17/19 12:42:19.699]:InternalAD ST: arg-string("accountlockouttimedkk"+token-op-attr("lockoutTime"))
[04/17/19 12:42:19.700]:InternalAD ST: token-text("accountlockouttimedkk")
[04/17/19 12:42:19.700]:InternalAD ST: token-op-attr("lockoutTime")
[04/17/19 12:42:19.700]:InternalAD ST: Token Value: "".
[04/17/19 12:42:19.701]:InternalAD ST: Arg Value: "accountlockouttimedkk".
[04/17/19 12:42:19.701]:InternalAD ST:accountlockouttimedkk
[04/17/19 12:42:19.701]:InternalAD ST: Evaluating selection criteria for rule 'verify account lockout time'.
[04/17/19 12:42:19.702]:InternalAD ST: (if-op-attr 'lockoutTime' available) = FALSE.
[04/17/19 12:42:19.702]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.703]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.703]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.705]:InternalAD ST: Applying policy: %+C%14CWatchdog-DK%-C.
[04/17/19 12:42:19.706]:InternalAD ST: Applying to status #1.
[04/17/19 12:42:19.706]:InternalAD ST: Evaluating selection criteria for rule 'Watchdog - group creation'.
[04/17/19 12:42:19.706]:InternalAD ST: (if-class-name equal "Group") = FALSE.
[04/17/19 12:42:19.707]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.707]:InternalAD ST: Evaluating selection criteria for rule 'Watchdog - group member update'.
[04/17/19 12:42:19.708]:InternalAD ST: (if-class-name equal "Group") = FALSE.
[04/17/19 12:42:19.708]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.708]:InternalAD ST: Evaluating selection criteria for rule 'Watchdog-User creation'.
[04/17/19 12:42:19.709]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.709]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.709]:InternalAD ST: Policy returned:
[04/17/19 12:42:19.710]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success"/>
</output>
</nds>
[04/17/19 12:42:19.711]:InternalAD ST: Applying schema mapping policies to input.
[04/17/19 12:42:19.712]:InternalAD ST: Applying policy: %+C%14CNOVLADDCFG-smp%-C.
[04/17/19 12:42:19.712]:InternalAD ST: Resolving association references.
[04/17/19 12:42:19.713]:InternalAD ST: Processing returned document.
[04/17/19 12:42:19.713]:InternalAD ST: Processing operation <status> for .
[04/17/19 12:42:19.713]:InternalAD ST:
DirXML Log Event -------------------
Driver: \BBCIDV\system\driverset1\AD-Internal-BBC
Channel: Subscriber
Status: Success
[04/17/19 12:42:19.714]:InternalAD ST: Direct command from policy result
[04/17/19 12:42:19.715]:InternalAD ST:
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="success">
<application>DirXML</application>
<module>AD-Internal-BBC</module>
<object-dn></object-dn>
<component>Subscriber</component>
</status>
</output>
</nds>
[04/17/19 12:42:19.717]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.718]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.723]:InternalAD ST:Applying policy: %+C%14Cveto rename and move event from IDM to AD%-C.
[04/17/19 12:42:19.723]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.724]:InternalAD ST: Evaluating selection criteria for rule 'veto rename and move event from IDM to AD'.
[04/17/19 12:42:19.724]:InternalAD ST: (if-operation equal "rename") = FALSE.
[04/17/19 12:42:19.724]:InternalAD ST: (if-operation equal "move") = FALSE.
[04/17/19 12:42:19.725]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.725]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.725]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.731]:InternalAD ST:Subscriber processing add for \BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1.
[04/17/19 12:42:19.732]:InternalAD ST:Applying object matching policies.
[04/17/19 12:42:19.732]:InternalAD ST:Applying policy: %+C%14CSub-Matching%-C.
[04/17/19 12:42:19.732]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.733]:InternalAD ST: Evaluating selection criteria for rule 'Match based on EmployeeId'.
[04/17/19 12:42:19.733]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.734]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.734]:InternalAD ST: Evaluating selection criteria for rule 'Match based on BBCsharedrive'.
[04/17/19 12:42:19.735]:InternalAD ST: (if-class-name equal "BBCADShareDrive") = FALSE.
[04/17/19 12:42:19.735]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.735]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.736]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.741]:InternalAD ST:No match found.
[04/17/19 12:42:19.741]:InternalAD ST:Applying object creation policies.
[04/17/19 12:42:19.741]:InternalAD ST:Applying policy: %+C%14CSub-Creation%-C.
[04/17/19 12:42:19.742]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.742]:InternalAD ST: Evaluating selection criteria for rule 'Break if not a User'.
[04/17/19 12:42:19.742]:InternalAD ST: (if-class-name not-equal "User") = TRUE.
[04/17/19 12:42:19.743]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.743]:InternalAD ST: Applying rule 'Break if not a User'.
[04/17/19 12:42:19.743]:InternalAD ST: Action: do-break().
[04/17/19 12:42:19.744]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.744]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.749]:InternalAD ST:Applying object placement policies.
[04/17/19 12:42:19.749]:InternalAD ST:Applying policy: %+C%14CSub-User-Placement%-C.
[04/17/19 12:42:19.750]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.750]:InternalAD ST: Evaluating selection criteria for rule 'Placement for users'.
[04/17/19 12:42:19.750]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.751]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.751]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.751]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.757]:InternalAD ST:Submitting add to subscriber shim.
[04/17/19 12:42:19.757]:InternalAD ST:Applying command transformation policies.
[04/17/19 12:42:19.757]:InternalAD ST:Applying policy: %+C%14CNOVLPWDSYNC-sub-ctp-TransformDistPwd%-C.
[04/17/19 12:42:19.758]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.758]:InternalAD ST: Evaluating selection criteria for rule 'Convert adds of the nspmDistributionPassword attribute to password elements'.
[04/17/19 12:42:19.759]:InternalAD ST: (if-operation equal "add") = TRUE.
[04/17/19 12:42:19.759]:InternalAD ST: (if-op-attr 'nspmDistributionPassword' available) = FALSE.
[04/17/19 12:42:19.760]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.760]:InternalAD ST: Evaluating selection criteria for rule 'Block modifies for failed password publish operations if reset password is false'.
[04/17/19 12:42:19.761]:InternalAD ST: (if-global-variable 'reset-external-password-on-failure' equal "false") = TRUE.
[04/17/19 12:42:19.761]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.762]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.762]:InternalAD ST: Evaluating selection criteria for rule 'Convert modifies of a nspmDistributionPassword attribute to a modify password operation'.
[04/17/19 12:42:19.763]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.763]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.763]:InternalAD ST: Evaluating selection criteria for rule 'Block empty modify operations'.
[04/17/19 12:42:19.764]:InternalAD ST: (if-operation equal "modify") = FALSE.
[04/17/19 12:42:19.764]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.765]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.765]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.770]:InternalAD ST:Applying policy: %+C%14CNOVLPWDSYNC-sub-ctp-CheckPwdGCV%-C.
[04/17/19 12:42:19.771]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.771]:InternalAD ST: Evaluating selection criteria for rule 'Block subscribing to passwords when objects are added'.
[04/17/19 12:42:19.772]:InternalAD ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
[04/17/19 12:42:19.772]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.772]:InternalAD ST: Evaluating selection criteria for rule 'Block subscribing to password modifications'.
[04/17/19 12:42:19.773]:InternalAD ST: (if-global-variable 'enable-password-subscribe' equal "false") = FALSE.
[04/17/19 12:42:19.773]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.774]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.774]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.779]:InternalAD ST:Applying policy: %+C%14CNOVLPWDSYNC-sub-ctp-AddPwdPayload%-C.
[04/17/19 12:42:19.779]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.780]:InternalAD ST: Evaluating selection criteria for rule 'Add operation-data element to password subscribe operations'.
[04/17/19 12:42:19.780]:InternalAD ST: (if-operation equal "add") = TRUE.
[04/17/19 12:42:19.781]:InternalAD ST: (if-password available) = FALSE.
[04/17/19 12:42:19.781]:InternalAD ST: (if-operation equal "modify-password") = FALSE.
[04/17/19 12:42:19.782]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.782]:InternalAD ST: Evaluating selection criteria for rule 'Add payload data to a reset password from a failed password publish operation'.
[04/17/19 12:42:19.783]:InternalAD ST: (if-operation equal "modify-password") = FALSE.
[04/17/19 12:42:19.783]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.783]:InternalAD ST: Evaluating selection criteria for rule 'Add payload data to password subscribe operations'.
[04/17/19 12:42:19.783]:InternalAD ST: (if-operation equal "add") = TRUE.
[04/17/19 12:42:19.785]:InternalAD ST: (if-password available) = FALSE.
[04/17/19 12:42:19.785]:InternalAD ST: (if-operation equal "modify-password") = FALSE.
[04/17/19 12:42:19.785]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.785]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.786]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.791]:InternalAD ST:Applying policy: %+C%14CAD-Group-Entitlement%-C.
[04/17/19 12:42:19.791]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.792]:InternalAD ST: Evaluating selection criteria for rule 'Query UPN'.
[04/17/19 12:42:19.792]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.792]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.793]:InternalAD ST: Evaluating selection criteria for rule 'Check AD groups entitlement being granted-NEW-UPDATED'.
[04/17/19 12:42:19.793]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.794]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.794]:InternalAD ST: Evaluating selection criteria for rule 'Check AD groups entitlement being revoked NEW-UPDATED'.
[04/17/19 12:42:19.794]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.795]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.795]:InternalAD ST: Evaluating selection criteria for rule 'Check AD Share entitlement being granted-NEW-UPDATED'.
[04/17/19 12:42:19.796]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.796]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.796]:InternalAD ST: Evaluating selection criteria for rule 'Check AD Share entitlement being revoked NEW-UPDATED'.
[04/17/19 12:42:19.797]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.797]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.797]:InternalAD ST: Evaluating selection criteria for rule 'Check PIM Group entitlement being granted-NEW-UPDATED'.
[04/17/19 12:42:19.798]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.798]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.799]:InternalAD ST: Evaluating selection criteria for rule 'Check PIM Group entitlement being revoked NEW-UPDATED'.
[04/17/19 12:42:19.799]:InternalAD ST: (if-class-name equal "User") = FALSE.
[04/17/19 12:42:19.800]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.800]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.800]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="CN">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.805]:InternalAD ST:Filtering out notification-only attributes.
[04/17/19 12:42:19.806]:InternalAD ST:Fixing up association references.
[04/17/19 12:42:19.806]:InternalAD ST:Applying schema mapping policies to output.
[04/17/19 12:42:19.807]:InternalAD ST:Applying policy: %+C%14CNOVLADDCFG-smp%-C.
[04/17/19 12:42:19.807]:InternalAD ST: Mapping attr-name 'CN' to 'sAMAccountName'.
[04/17/19 12:42:19.807]:InternalAD ST: No mapping for class-name 'nrfRole'.
[04/17/19 12:42:19.808]:InternalAD ST:Applying output transformation policies.
[04/17/19 12:42:19.808]:InternalAD ST:Applying policy: %+C%14CNOVLADDCFG-otp-FormatConversions%-C.
[04/17/19 12:42:19.809]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.809]:InternalAD ST: Evaluating selection criteria for rule 'accountExpires:Convert to Active Directory form - Updated'.
[04/17/19 12:42:19.809]:InternalAD ST: (if-op-attr 'accountExpires' not-equal "0") = TRUE.
[04/17/19 12:42:19.810]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.810]:InternalAD ST: Applying rule 'accountExpires:Convert to Active Directory form - Updated'.
[04/17/19 12:42:19.811]:InternalAD ST: Action: do-reformat-op-attr("accountExpires",token-xpath("jadutil:translateEpoch2FileTime($current-value+86400)")).
[04/17/19 12:42:19.811]:InternalAD ST: Evaluating selection criteria for rule 'lockoutTime: Convert to Active Directory form'.
[04/17/19 12:42:19.812]:InternalAD ST: Rule selected.
[04/17/19 12:42:19.812]:InternalAD ST: Applying rule 'lockoutTime: Convert to Active Directory form'.
[04/17/19 12:42:19.813]:InternalAD ST: Action: do-reformat-op-attr("lockoutTime",token-xpath("jadutil:translateEpoch2FileTime($current-value)")).
[04/17/19 12:42:19.813]:InternalAD ST: Evaluating selection criteria for rule 'update Active Directory logon name'.
[04/17/19 12:42:19.814]:InternalAD ST: (if-xpath true "self::status[@level = 'success']/operation-data/windows-2000-logon-name") = FALSE.
[04/17/19 12:42:19.815]:InternalAD ST: Rule rejected.
[04/17/19 12:42:19.815]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.815]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="sAMAccountName">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.820]:InternalAD ST:Applying policy: %+C%14CNOVLPWDSYNC-otp-EmailOnFailedPwdPub%-C.
[04/17/19 12:42:19.821]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.821]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.821]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="sAMAccountName">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.827]:InternalAD ST:Applying policy: %+C%14CNOVLATRKBASE-otp-Subscribe%-C.
[04/17/19 12:42:19.827]:InternalAD ST: Applying to add #1.
[04/17/19 12:42:19.827]:InternalAD ST:Policy returned:
[04/17/19 12:42:19.828]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="sAMAccountName">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.833]:InternalAD ST:Submitting document to subscriber shim:
[04/17/19 12:42:19.833]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="sAMAccountName">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.841]:InternalAD ST:Remote Interface Driver: Sending...
[04/17/19 12:42:19.842]:InternalAD ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add cached-time="20190417104219.177Z" class-name="nrfRole" event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" qualified-src-dn="O=system\CN=driverset1\CN=UserApplication\CN=AppConfig\CN=RoleConfig\CN=RoleDefs\CN=Level10\CN=PIM\CN=Prod\CN=Onsite-Access\CN=tstpimgrpbus1" src-dn="\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1" src-entry-id="554819" timestamp="1555497739#16">
<add-attr attr-name="sAMAccountName">
<value timestamp="1555497739#16" type="string">tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedDescrs">
<value timestamp="1555497739#3" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
<add-attr attr-name="nrfLocalizedNames">
<value timestamp="1555497739#4" type="string">en~tstpimgrpbus1|da~tstpimgrpbus1</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 12:42:19.848]:InternalAD ST:Remote Interface Driver: Document sent.
[04/17/19 12:42:19.855]:InternalAD :Remote Interface Driver: Received.
[04/17/19 12:42:19.855]:InternalAD :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2" level="error" text1="schema violation" type="app-general">
<message>Class 'nrfRole' is not in the application schema</message>
<xds-path>/nds/input/add[@event-id='BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2'][@class-name='nrfRole'][@src-dn='\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1'][@class-name='nrfRole']</xds-path>
</status>
</output>
</nds>

Regards
Sivaram T
0 Likes
Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

> Please find the new error.

> event-id="BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2"
> level="error" text1="schema violation" type="app-general">
> <message>Class 'nrfRole' is not in the application
> schema</message>
>
> <xds-path>/nds/input/add[@event-id='BBCDBS0015-NDS#20190417104219#2#1:18d99317-581e-4f8b-a6fa-dfdcbb1294a2'][@class-name='nrfRole'][@src-dn='\BBCIDV\system\driverset1\UserApplication\AppConfig\RoleConfig\RoleDefs\Level10\PIM\Prod\Onsite-Access\tstpimgrpbus1'][@class-name='nrfRole']</xds-path>
> </status>
> </output>
> </nds>


So lets see if you can figure this out. Active directory driver. You
add nrfRole to the filter, Sub-Sync. So what did you expect to happen?
An added nrfRole should be synchronized on the Subscriber channel.

So far so good.

The error says: "Class 'nrfRole' is not in the application schema"

That is Active directory saying, nrfRole is not an object class in
Active Directory.

So what do you think the error is?

You are NOT mapping nrfRole to Group between IDM and AD. You are seeing
an nrfRole event, and then doing a do-add-dest-object of a group, as a
Direct Command from policy.

So your group succeeds and your nrfRole fails. You should add a do-veto
after you process the nrfRole to add the group so that the event does
not make it through.


0 Likes
sivaramtm Super Contributor.
Super Contributor.

Re: How to sync extensionAttributes from IDM to Active Direc

Thanks. I did the same and now it throws below error.

<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Advanced" version="4.6.3.0">DirXML</product>
<contact>NetIQ Corporation</contact>
</source>
<input>
<add class-name="group" dest-dn="CN=testpimsubgrpcont10,OU=Onsite-Access,OU=Prod,OU=PIM,DC=idmtst,DC=BBC,DC=dk" event-id="BBCDBS0015-NDS#20190417131604#2#1:5eeb7f11-b149-4c78-a0d1-036c0a7d2773">
<add-attr attr-name="samAccountName">
<value type="string">testpimsubgrpcont10</value>
</add-attr>
<add-attr attr-name="description">
<value type="string">testpimsubgrpcont10</value>
</add-attr>
<add-attr attr-name="extensionAttribute8">
<value type="string">en~testpimsubgrpcont10|da~testpimsubgrpcont10</value>
</add-attr>
<add-attr attr-name="extensionAttribute9">
<value type="string">en~testpimsubgrpcont10|da~testpimsubgrpcont10</value>
</add-attr>
</add>
</input>
</nds>
[04/17/19 15:16:05.112]:InternalAD ST: Remote Interface Driver: Document sent.
[04/17/19 15:16:05.158]:InternalAD :Remote Interface Driver: Received.
[04/17/19 15:16:05.159]:InternalAD :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20120330_120000" instance="\BBCIDV\system\driverset1\AD-Internal-BBC" version="4.0.0.0">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="BBCDBS0015-NDS#20190417131604#2#1:5eeb7f11-b149-4c78-a0d1-036c0a7d2773" level="error" type="driver-general">
<ldap-err ldap-rc="65" ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">
<client-err ldap-rc="65" ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">Object Class Violation</client-err>
<server-err>0000207D: UpdErr: DSID-0315121C, problem 6002 (OBJ_CLASS_VIOLATION), data -1783875980
</server-err>
<server-err-ex win32-rc="8317"/>
</ldap-err>
</status>
</output>
</nds>

Regards
Sivaram T
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: How to sync extensionAttributes from IDM to Active Directory

This error, to me, is still telling me that you cannot have
extensionAttribute8 and/or extensionAttribute9 on a 'group' object in
microsoft active directory (MAD).

On 04/17/2019 07:24 AM, sivaramtm wrote:
> event-id="BBCDBS0015-NDS#20190417131604#2#1:5eeb7f11-b149-4c78-a0d1-036c0a7d2773"
> level="error" type="driver-general">
> <ldap-err ldap-rc="65"
> ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">
> <client-err ldap-rc="65"
> ldap-rc-name="LDAP_OBJECT_CLASS_VIOLATION">Object Class
> Violation</client-err>
> <server-err>0000207D: UpdErr: DSID-0315121C, problem 6002
> (OBJ_CLASS_VIOLATION), data -1783875980


What was the result of the LDIF test I posted earlier, using something
like Apache Directory Studio or the ldapmodify command?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
sivaramtm Super Contributor.
Super Contributor.

Re: How to sync extensionAttributes from IDM to Active Direc

LDIF test is success. Group object is getting created with extension attributes 8 and 9. I used Apache studio to do the same.

Thanks
Siva ram T
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.