Skip to main content

Orphan Group Update Schedule

An orphan group is one without a primary owner.

An Orphan Group Update schedule is responsible for assigning a primary owner to orphan groups. For this, the orphan group must have at least one additional owner, since the schedule promotes a group’s additional owner as its primary owner.

When an Orphan Group Update schedule runs, it promotes the first additional owner in the additional owners’ list (be it a user, contact, or security group) as the primary owner and a notification is sent to the promoted owner. Note the following:

  • A temporary additional owner is not promoted as the primary owner. When such an owner is the first in the list, the schedule skips it and moves to the next additional owner in the list.
  • When a security group is promoted as the primary owner, a notification is sent to all group members.
  • When a mail-enabled user is promoted as the primary owner, the schedule also adds him or her as the group’s Exchange additional owner.
  • When a user is promoted as the primary owner of more than one group, a single notification is sent to him or her, containing details of the groups added to his or her ownership.

The promotion of an additional owner to primary owner may violate the Group Owners policy for the minimum number of additional owners required. A notification is sent to the promoted owner to add an additional owner to comply with the policy. See the Group Owners Policy topic.

With history tracking enabled, history is logged at the group level and at the promoted owner’s level. See the Configure History Tracking topic.

Create an Orphan Group Update Schedule

Follow the steps to create an Orphan Group Update Schedule.

Step 1 – In Admin Center, click Identity Stores in the left pane.

Step 2 – On the Identity Stores page, click the ellipsis button for an identity store and select Edit.

Step 3 – Click Schedules under Settings in the left pane.

Step 4 – On the Schedules page, click Add Schedule and select Orphan Group Update Job. The Create Schedule page is displayed.

Step 5 – In the Schedule Name box, enter a name for the schedule.

Step 6 – The Name Preview box displays the schedule name prefixed with _OrphanGroupUpdater__; the schedule is displayed with this name in email notifications.

Step 7 – Select a Directory Manager portal URL in the Portal URL drop-down list to include it in notifications generated by the schedule. Users are redirected to this portal to perform any necessary action.

Step 8 – In the Scheduler Service Name drop-down list, select a Scheduler service that would be responsible for triggering this schedule. The number of services displayed in the list depend on the number of nodes in all Elasticsearch clusters in the environment, as each node has its own Scheduler service. See the Scheduler Service topic for additional information.

Please note the following while selecting a Scheduler service:

  • The Scheduler service for the Directory Manager instance on which you are creating the schedule is selected by default. However, you can select the Scheduler service of another instance as well.

  • The Scheduler service can be changed even after creating the schedule. Upon the next run, the schedule will be triggered by the newly-selected Scheduler service.

  • If the selected Scheduler service fails to trigger the schedule, then no other Scheduler service can be selected automatically.

  • If a schedule is run manually on the Admin Center, then the Scheduler service of that instance will be used.

Step 9 – You can specify containers as targets for the schedule. The schedule will process all groups in these containers and their sub-containers. To specific containers as target, follow step 9 in the Create a Group Usage Service Schedule topic.

Step 10 – Click Add Triggers in the Triggers area to specify a triggering criterion for the schedule, that, when met, starts the execution of the schedule. Follow step 11 in the Create a Group Usage Service Schedule topic to add triggers.

Step 11 – Click Add Authentication in the Authentication area to specify an account for running the schedule in the identity store. See step 12 in the Create a Group Usage Service Schedule topic for additional information.

Step 12 – On the Create Schedule page, click Create Schedule.

Step 13 – On the Schedules page, click Save.
The schedule is displayed under Orphan Group Update. See the View the Schedules in an Identity Store  topic for additional information.