I am doing a One-Way sync into multiple customer forests from my MIM Forest. This allows engineers to log into Customer forests using their corporate credentials.
I have been using the two below custom expressions for my attribute flow of userAccountControl to either Enable \ Disable an account. It is working, but I realized I need to also flow "passwordNeverExpires" into userAccountcontrol.
IIF(Eq(employeeStatus,"Enabled"),512,514) (Initial Flow Only) |
IIF(Eq(employeeStatus,"Enabled"),IIF(IsPresent(userAccountControl),BitAnd(33554397,userAccountControl),512),IIF(IsPresent(userAccountControl),BitOr(2,userAccountControl),514)) |
I need assistance figuring out the NEW custom expression to allow Enable\Disable with passwordNeverExpires always set. The initial flow custom expression below works. But I can't figure out the right value and bit operations 2nd customer expression that executes every cycle?
66048 is a normal account with the flag set for Password never expires
66050 is a normal disabled account with the flag set for Password never expires
I need assistance figuring out the NEW custom expression. The initial flow custom expression works. But I can't figure out the expression (highlighted) right values and bit operations 2nd customer expression that executes every cycle? Any asistenace is appreciated.
IIF(Eq(employeeStatus,"Enabled"),66048,66050) (Initial Flow Only) |
IIF(Eq(employeeStatus,"Enabled"),IIF(IsPresent(userAccountControl),BitAnd(33554397,userAccountControl),512),IIF(IsPresent(userAccountControl),BitOr(2,userAccountControl),514)) |