I am attempting to provision to Active Directory via an access policy and membership rule in OIM11gR2. I have a couple different issues associated with this process.
First, I have a membership rule that works fine. All members of a certain organization are automatically assigned a certain role. My access policy is set to provision an AD account to any member that is assigned the same role from the membership rule. This access policy does not seem to get triggered. The access policy is set to run with no approval, retrofit access policy is enabled, and it is set as priority 1 with "revoke if no longer applies" checked. It is also assigned the Active Directory Users process form. I cannot determine why this access policy is not being triggered to provision the role members to AD. I have manually run the Evaluate Users Policies several times with no affect.
I believe this may be happening because the default prepopulate adapters are not working or are not configured correctly. The 5 mandatory fields each have a prepopulate adapter assigned to them with the Default rule. Correct me if I am wrong, but I believe the mandatory fields user id, first name, last name, common name, and user principal name? The Org name and IT Resource are set as static values within the access policy. Can anyone assist me in determining (1) why the access policy is not working and (2) why the prepopulate adapters such as ADIDC Populate Form Field for User ID and ADIDC Prepopulate UserPrincipalName for User Principal Name are not working? Is there additional configuration that must take place with these out-of-the box adapters so they know which values to populate?