Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.
100% helpful (1/1)
davindersingh
Saviynt Employee
Saviynt Employee

Symptoms

Active Directory Create account task in saviynt results in an error after running the provisioning job.

Error Details

Example 1
Checking DN for CN=lastname\, firstname (firstlast),null.Error while searching for DN-CN=lastname\, firstname (firstlast),null: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090810, comment: Error processing name, data 0, v2580] SAV-Error while creating account,Could not find a unique DN to provision

Example 2 
Checking DN for CN=lastname\, firstname (firstlast),OU=Users,DC=Saviynt,DC=Com.Error while searching for DN-CN=lastname\, firstname (firstlast),OU=Users,DC=Saviynt,DC=Com: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090810, comment: Error processing name, data 0, v2580] SAV-Error while creating account,Could not find a unique DN to provision

Note : Error code may be differ depending upon the exact use case scenario

Diagnosis

This could be due to following reasons :

1. The account name rule in the Active directory connections is not configured.

2. The attributes configured in the account name rule are not having the appropriate values.

3. The account is in AD is already created manually but not yet Imported into Saviynt.

4. The account is not corelated to the user for whom the new account task is created.

Solution

In the above Example 1, the issue is related to user attributes being empty and are configured in account name rule at the connection level which is causing the DN to be generated as null and causing the error in the task provisioning.

for example if user's customproperty8 is configured in the account name rule and should contain the DN of the OU where user should be created in Active Directory then you can go to users tab , search for that user and check whether customproperty8 is filled with the required value.

The issue in Example 2 is related to an account which already exists in AD, the new account task wont be created if the account import job is run and the account is corelated properly with the user for whom the request is being submitted.

More Details on AD integration on Saviynt Documentation portal at link :  https://docs.saviyntcloud.com/bundle/AD-v2021x/page/Content/About-this-Guide.htm

 

Version history
Last update:
‎01/09/2023 10:49 AM
Updated by:
Contributors