HAPPY NEW YEAR 2017

Identity And Access Management - Rajiv Dewan

Office 365 - Add / Remove License in Bulk

We can add/remove license in office 365 from a csv file. You can have a csv file which will contain principal names of all the users for whom you want to add/remove license. Header will be UserPrincipalName.

And execute these commands:

Connect-MsolService --> Provide username and password 

Get-MsolAccountSku |ft AccountSkuId   

--> Above command It will return values like :EXCHANGESTANDARD

Add License:

$AccountSkuId="PROVIDE_VALUE_HERE"                      --> Provide Value here
$UsageLocation="
PROVIDE_VALUE_HERE                    --> Provide Value here like US, IN
$Users=Import-Csv C:\Users.csv
$Users | ForEach-Object {
Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses $AccountSkuId
}



Remove License:

$AccountSkuId="PROVIDE_VALUE_HERE"                     --> Provide Value here
$UsageLocation="
PROVIDE_VALUE_HERE                    --> Provide Value here like US, IN
$Users=Import-Csv C:\Users.csv
$Users | ForEach-Object {
Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses $AccountSkuId
}


FVC (Form Version Control Utility)

Description:

If we add new field(s) in Process Form, that field won't be available for the existing provisioned users.

Solution:

FVC (Form Version Control Utility) comes with OIM which updates the form which are associated with existing users.


OR

Update PROCESS_FORM_TABLE set PROCESS_FORM_TABLE_VERSION =
(Select SDK_ACTIVE_VERSION from SDK where SDK_NAME='PROCESS_FORM_TABLE');
COMMIT;

NOTE:

Replace PROCESS_FORM_TABLE  with actual process form i.e. "UD_XXX"

Weird Issue With LDAP/ICF Connector

Issue: 

Integrated ODSEE (LDAP) with OIM 11g R2 PS1 using OID-11.1.1.5.0 connector. Wanted to test the reconciliation with one user so I gave the filter as equalTo('uid','RAJIVDEWAN') and ran the reconciliation; No reconciliation event generated.


Workaround: 

Changed the filter from:

equalTo('uid','RAJIVDEWAN')

to 

equalTo('uid','rajivdewan')


And I was able to see the reconciliation event. 

I don't know whether it's a connector issue or it's an ICF issue.

OIM - OIA Integration : Exception While Importing Data from OIM

Integration: OIM - OIA
Use Case: Import Users/Accounts etc
Exception:

Cause: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Invalid connection validation SQL statement

Expected Solution:
  1. Verify connection parameters in oimjdbc.properties
  2. Verify password property in iam-context.xml (proper line must be commented out for password)
  3. Make sure that oimjdbc.properties should not have spaces around "=" for 
    • oim.jdbc.username
    • oim.jdbc.url
    • oim.jdbc.driverClassName
    • oim.jdbc.password.encrypted