Different schedule per Target Connector
Dirk-Jan van Meeuwen
It would be very nice if we could schedule every single target system at a different time. We have a hybrid Azure AD tenant (local AD and a sync to Azure AD) and our users are provisioned to the local AD and then synced to Azure AD. But our Custom Azure AD connector generates an error if a user is created locally and still not synced to Azure AD. That user is not available in Azure AD until the synchronization tool has done its job.
Rick van den Dijssel
Merged in a post:
Delay changes to EntraID
Mike van Eck
In a hybrid AD/EntraID configuration it is common use to manage the accounts in AD with the AD target and manage additional cloud-only objects using a PowerShell EntraID target connector. When a new account is created and immediately an entitlement is granted to, for example, a security group, this reports an error because the newly created AD object is not yet synced to EntraID. Yes, we can fiddle with the timing - let's say create/correlate AD objects 30 days before start employment and create/correlate EntraID 29 days before start employment - this won't work when a person should start right now. This results in errors thrown that will be solved at the next sync - which is misleading.
Is it possible to create a delay somewhere to solve this issue?
Bernard Moeskops
https://helloid.canny.io/provisioning/p/entitlements-with-a-grace-period
https://feedback.helloid.com/provisioning/p/different-schedule-per-target-connector
Rick van den Dijssel
Hello Mike van Eck! I have a few more questions for you:
- Can you provide more details about the frequency and timing of the errors you're experiencing?
- What is the impact of these errors on your workflow and productivity?
- Are there any specific scenarios where this issue is more prevalent?
Rick van den Dijssel
Merged in a post:
Schedule or delay individual target systems
Rick Heemskerk
Entitlement actions frequently fail the first time on new accounts that were just created in Entra ID. If we could configure a delay on subsequent actions then that would give the first target system the time to create the account.
We've tried adding a 5-minute delay in the script but HelloID is currently programmed to time out after 30 seconds.
Harm-Jan ter Harmsel
I think this is exactly the same issue I run into, although I'm using the default Azure AD Connector. Our accounts are created in WindowsAD by HelloID Provisioning and synced from WindowsAD to AzureAD. The synced accounts are then correlated by the Azure AD Connector.
However, as both Windows AD and Azure AD Connectors use the same schedule this often is 'the next day'.