Azure AD provisioning problem with referential attributes.

Alex Wilhelmsen 41 Reputation points
2022-03-01T12:36:55.597+00:00

Azure AD provisioning is an amazing tool and we are maybe stretching it to its limit. We have Workday as our HRMS.
New hires are getting flawlessly provisioned into on-prem Active Directory.

However, we don't want all attributes synchronized until the first day in the office. This is done with the following expression:

IIF(DateDiff("d", CDate([StatusHireDate]), Now())>=0, [SupervisoryOrganization], "")

This works fine for all attributes except manager.

IIF(DateDiff("d", CDate([StatusHireDate]), Now())>=0, [ManagerReference], "")

According to documentation, it is due to: "The function should not be used for referential attributes such as manager."
Does anybody have a workaround or are there any updates for the Azure AD provisioning solving this?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,843 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,451 questions
0 comments
Accepted answer
  1. Limitless Technology 43,931 Reputation points
    2022-03-02T11:51:01.48+00:00

    Hello @Alex Wilhelmsen

    Unfortunately it seems that it is a hardcoded requirement, likely due to avoid NULL attritbute issues later.

    You can find more information and the official statement in: https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data

    Hope this helps with your query,

    --
    --If the reply is helpful, please Upvote and Accept as answer--

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest