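Okta: Reactivating Active Directory Users

Time: 2016-10-04 20:56:30

Tags: powershell okta

We disabled about 100 users in AD, and as a result they were deprovisioned in Okta. I am trying to reactivate these users in Okta. They have been enabled in AD.

I am using the Okta PowerShell module written by Matt Egan (https://github.com/mbegan/Okta-PSModule), and I can move a user account from deprovisioned to Provisioned. However, the account is no longer profiled by Active Directory. Is there an API call that will let me make that final link?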

PS C:\Users\perry.harris> oktaGetUserbyID -oOrg Contoso -userName joe.user@contoso.com
[ GET https://contoso.com/api/v1/users/joe.user@contoso.com ]


id              : 00u---------------h8
status          : DEPROVISIONED
created         : 7/31/2015 2:21:58 PM
activated       : 7/31/2015 2:21:58 PM
statusChanged   : 9/30/2016 6:20:50 PM
lastLogin       : 9/27/2016 4:17:37 PM
lastUpdated     : 9/30/2016 6:20:50 PM
passwordChanged : 7/31/2015 2:21:58 PM
profile         : @{firstName=Joe; lastName=User; 
                  login=joe.user@contoso.com; mobilePhone=; 
                  email=joe.user@contoso.com; secondEmail=; region=AM; 
                  PSemployeeID=1----6; department=Chicago-Human Resources; 
                  PSSSOID=1----6; BCPGREDUserName=Joe.user; 
                  organization=Contoso; title=Sr Analyst, 
                  Benefits; employeeNumber=1----6; 
                  ADUPN=joe.user@contoso.com; primaryPhone=+1(312)555-5555; 
                  streetAddress=2-- E--- -------- -----; city=-------; 
                  state=IL; zipCode=-----; countryCode=US}
credentials     : @{provider=}
_links          : @{activate=; self=}

PS C:\Users\perry.harris> oktaActivateUserbyId -oOrg Contoso -username joe.user@contoso.com
[ GET https://contoso.com/api/v1/users/joe.user@contoso.com ]
[ POST https://contoso.com/api/v1/users/0------------------U/lifecycle/activa
te?sendEmail=False ]
{}


activationUrl                                      
-------------                                      
https://contoso.com/welcome/V------------------O

PS C:\Users\perry.harris> oktaGetUserbyID -oOrg Contoso -userName joe.user@contoso.com
[ GET https://contoso.com/api/v1/users/joe.user@contoso.com ]


id              : 0------------------U
status          : PROVISIONED
created         : 2/17/2014 10:25:18 PM
activated       : 10/4/2016 9:55:08 AM
statusChanged   : 10/4/2016 9:55:08 AM
lastLogin       : 9/27/2016 2:36:39 PM
lastUpdated     : 10/4/2016 9:55:08 AM
passwordChanged : 
profile         : @{login=joe.user@contoso.com; mobilePhone=; 
                  email=joe.user@contoso.com; secondEmail=; 
                  firstName=Joe; lastName=User; title=Sr Analyst, 
                  Benefits; department=Chicago-Human Resources; 
                  employeeNumber=1----6; primaryPhone=+1(312)555-5555; 
                  streetAddress=2-- E--- -------- -----; city=-------; 
                  state=IL; zipCode=-----; countryCode=US}
credentials     : @{provider=}
_links          : @{suspend=; resetPassword=; resetFactors=; self=; 
                  changeRecoveryQuestion=; deactivate=}

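1 Answer:

Answer 0: (score: 0)

If I understand your question: you deactivated the AD users in AD, and they were then deprovisioned in Okta. Now, when you reactivate a user in AD and later reactivate that user in Okta, the user is no longer mastered by AD?

If that is the case, once you have activated the user in Okta (via the API, the request would be POST /api/v1/users/{{userId}}/lifecycle/activate?sendEmail=false), after activating in AD, you need to run an import for AD. The import will bring in the reactivated user, and once the assignment is confirmed, the user will again be mastered by AD.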
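The activation step from the answer, scripted for a list of users and followed by a check of which accounts still wait on the AD import. This is an added example, not part of the original question or answer and not code from the Okta-PSModule project. Assumptions: the environment variables OKTA_ORG_URL and OKTA_API_TOKEN, the file users.txt and the function names are hypothetical, and calls go straight to the Okta Users API instead of through the module.

```powershell
# Added example. Assumed inputs: $env:OKTA_ORG_URL (your org base URL),
# $env:OKTA_API_TOKEN (read from the environment so the token is never hard-coded),
# and users.txt (hypothetical file, one Okta login per line).
$ErrorActionPreference = 'Stop'
$base    = $env:OKTA_ORG_URL.TrimEnd('/')
$headers = @{ Authorization = "SSWS $($env:OKTA_API_TOKEN)"; Accept = 'application/json' }

function Get-OktaUser([string]$Login) {
    # GET /api/v1/users/{login}; escape the login so it is safe inside the URL path
    $escaped = [uri]::EscapeDataString($Login)
    Invoke-RestMethod -Method Get -Uri "$base/api/v1/users/$escaped" -Headers $headers
}

function Restore-OktaUser([string]$Login) {
    $user = Get-OktaUser $Login
    if ($user.status -eq 'DEPROVISIONED') {
        # Same request the answer gives; sendEmail=false suppresses the activation mail
        $uri = "$base/api/v1/users/$($user.id)/lifecycle/activate?sendEmail=false"
        Invoke-RestMethod -Method Post -Uri $uri -Headers $headers `
            -ContentType 'application/json' | Out-Null
        $user = Get-OktaUser $Login          # re-read to see the new status
    }
    # Okta reports AD-sourced users with credentials.provider.type = ACTIVE_DIRECTORY.
    # Any other value here means the AD import and confirmation is still outstanding.
    $provider = $user.credentials.provider.type
    [pscustomobject]@{
        Login         = $Login
        Status        = $user.status
        Provider      = $provider
        NeedsAdImport = ($provider -ne 'ACTIVE_DIRECTORY')
    }
}

$logins = Get-Content .\users.txt | ForEach-Object { $_.Trim() } | Where-Object { $_ }
$report = foreach ($login in $logins) {
    try   { Restore-OktaUser $login }
    catch {
        # Keep going on a single failure and record it for follow-up
        [pscustomobject]@{ Login = $login; Status = "ERROR: $($_.Exception.Message)"
                           Provider = $null; NeedsAdImport = $null }
    }
}
$report | Format-Table -AutoSize
```

Run it once to activate, run the AD import and confirm the assignments as the answer describes, then run it again: users already in PROVISIONED or ACTIVE status are only re-read, so the second pass is a verification report.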