@JStiles
The SuccessFactors to AD user provisioning job automatically resolves manager references. There are three important things to note about this process.
- During manager resolution, the Azure AD provisioning service retrieves the employee's manager's personIdExternal attribute from SuccessFactors and automatically sets the manager attribute in Active Directory. The manager attribute in Active Directory is of type "Distinguished Name" or DN. That is the reason why we convert the manager information from SuccessFactors to a DN string.
- In order for the provisioning service to successfully resolve the manager reference, ensure that the manager's record from SuccessFactors is in scope of the provisioning job and it has been processed by the provisioning service prior to creating the user's record. This gives the provisioning service visibility into the manager's account existence in Active Directory.
- The default out-of-the-box manager attribute mapping is of type "Reference" so that this translation is automatically handled. Please do not change this mapping, else reference resolution will not work.
With this background, follow the steps below to resolve the issue:
• If you have changed the default manager attribute mapping, please restore the default mapping.
• If you want to flow the manager's actual personIdExternal value from SuccessFactors to AD, use the managerID attribute and map it to a different AD attribute that is of type string (e.g. description or extensionAttribute1).
• Run provision-on-demand for the manager's record first and then run provision-on-demand for the user's record.
This should hopefully resolve the issue.