

Cadet 2nd Class
2018-10-03
19:12
Setting O365 license without real association
Hi,
In our environment, IDM provisions users to AD and DirSync pushes on-premise AD users into O365 (Synced with Active Directory). We want to use the Office 365 driver to assign licenses to these O365 users, but there is currently no user association between the O365 driver and the O365 account.
It would be good to have an association for each O365 user with IDM as a long-term solution. Currently, because of tight timelines, I am trying a quick solution. DirSync runs every 30 mins, so I am thinking of scheduling a job in the O365 driver that will read the email addresses for accounts created in IDM in the last 30 mins and run a rule via a trigger that can assign the license to the user at O365 (assuming the user already exists in O365).
Can we assign a user a license at O365 without a real association (like setting the destination attribute "License" by writing directly into the destination data store)? I wrote the trigger below. I think I am doing something wrong (mostly syntax) with the destination DN.
<description>Scheduled job for assigning O365 licenses</description>
<conditions>
    <and>
        <if-xpath op="true">self::trigger[@source='O365 License Update']</if-xpath>
    </and>
</conditions>
<actions>
    <do-set-local-variable name="targetUPN" scope="policy">
        <arg-string>
            <token-text xml:space="preserve">Some email address</token-text>
        </arg-string>
    </do-set-local-variable>
    <do-add-dest-attr-value class-name="User" direct="true" name="LicenseAssignment">
        <arg-dn>
            <token-local-variable name="targetUPN"/>
        </arg-dn>
        <arg-value type="string">
            <token-text xml:space="preserve">O365-Kiosk-License</token-text>
        </arg-value>
    </do-add-dest-attr-value>
</actions>
2 Replies


Knowledge Partner
2018-10-03
19:49
rahultamgadge;2488378 wrote:
Hi,
In our environment, IDM provisions users to AD and DirSync pushes on-premise AD users into O365 (Synced with Active Directory). We want to use the Office 365 driver to assign licenses to these O365 users, but there is currently no user association between the O365 driver and the O365 account.
It would be good to have an association for each O365 user with IDM as a long-term solution. Currently, because of tight timelines, I am trying a quick solution. DirSync runs every 30 mins, so I am thinking of scheduling a job in the O365 driver that will read the email addresses for accounts created in IDM in the last 30 mins and run a rule via a trigger that can assign the license to the user at O365 (assuming the user already exists in O365).
Can we assign a user a license at O365 without a real association (like setting the destination attribute "License" by writing directly into the destination data store)? I wrote the trigger below. I think I am doing something wrong (mostly syntax) with the destination DN.
<description>Scheduled job for assigning O365 licenses</description>
<conditions>
    <and>
        <if-xpath op="true">self::trigger[@source='O365 License Update']</if-xpath>
    </and>
</conditions>
<actions>
    <do-set-local-variable name="targetUPN" scope="policy">
        <arg-string>
            <token-text xml:space="preserve">Some email address</token-text>
        </arg-string>
    </do-set-local-variable>
    <do-add-dest-attr-value class-name="User" direct="true" name="LicenseAssignment">
        <arg-dn>
            <token-local-variable name="targetUPN"/>
        </arg-dn>
        <arg-value type="string">
            <token-text xml:space="preserve">O365-Kiosk-License</token-text>
        </arg-value>
    </do-add-dest-attr-value>
</actions>
Can you? Probably, yes. In the end, the driver shim just needs to know what object to modify, and what changes to make.
But, you probably shouldn't. If you're going to spend time working on it, do it right. The Azure driver supports running with DirSync, so start there, and work out the details of who gets what license and how from there.


Knowledge Partner
2018-10-03
23:09
dgersic;2488379 wrote:
Can you? Probably, yes. In the end, the driver shim just needs to know what object to modify, and what changes to make.
But, you probably shouldn't. If you're going to spend time working on it, do it right. The Azure driver supports running with DirSync, so start there, and work out the details of who gets what license and how from there.
Potentially it can work (the O365 driver shim just runs a PowerShell script in the background). I agree with David: if you really need this functionality, try to use the new Azure AD Driver.
Microsoft removed some modules required for the O365 driver from public access, and that makes this driver less and less reliable.