on 04/05/2023 01:44 PM
How to achieve User / Account Name uniqueness check across multiple domains using ADSI connector?
SP3.16 and above
The user should have the ROLE_ADMIN SAVROLE to configure the ADSI connector.
Saviynt can check for uniqueness across multiple domains by using the CheckForUnique feature in the ADSI connector.
Sample JSON:
{
  "CheckForUnique": {
    "Attributes": [
      {
        "samaccountname": "customproperty1",
        "RuleCheck": "${user.lastname}###${user.lastname}1###${user.lastname}2###${user.lastname}3###${user.lastname}4###${user.lastname}5###${user.lastname}6###${user.lastname}7###${user.lastname}8"
      },
      {
        "userprincipalname": "customproperty2",
        "RuleCheck": "${user.lastname}@domainname.com###${user.lastname}1@domainname.com###${user.lastname}2@domainname.com###${user.lastname}3@domainname.com###${user.lastname}4@domainname.com"
      },
      {
        "displayname": "customproperty31",
        "RuleCheck": "${user.lastname}, ${user.firstname}###${user.lastname}, ${user.firstname}1###${user.lastname}, ${user.firstname}2###${user.lastname}, ${user.firstname}3###${user.lastname}, ${user.firstname}4"
      }
    ]
  }
}
How the JSON works is explained below, using the following syntax:
"samaccountname": "customproperty1",
"RuleCheck": "${user.lastname}###${user.lastname}1###${user.lastname}2###${user.lastname}3###${user.lastname}4###${user.lastname}5###${user.lastname}6###${user.lastname}7###${user.lastname}8"
It pulls the list of customproperty1 values from all accounts corresponding to that endpoint. It then constructs the samaccountname using the first rule, ${user.lastname}, e.g. "savla", and checks whether this account name is already present in the customproperty1 list. If it is not present, that value is used as the samaccountname. If it is already present, it evaluates the second rule, ${user.lastname}1, e.g. "savla1", and performs the same check. If that value does not exist in the list, it is used as the samaccountname.
In this case, customproperty1 should contain the samaccountname of all accounts during import.
The mapping for any unique attribute cannot be null in the CheckForUnique JSON, e.g. "samaccountname": "" is not valid.
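The evaluation order and the non-empty mapping rule described above can be sketched offline in Python. This is an added example, not Saviynt's implementation: the function names (render, validate, pick_unique), the sample user and the account data are constructed, and exact string comparison and the None result when every candidate is taken are assumptions of the sketch.

```python
import re

SEP = "###"  # separator between candidate rules in RuleCheck, as in the sample JSON

def render(rule, user):
    """Substitute ${user.<field>} placeholders with values from the user dict."""
    return re.sub(r"\$\{user\.(\w+)\}", lambda m: str(user[m.group(1)]), rule)

def validate(config):
    """Reject entries whose unique-attribute mapping is empty, e.g. "samaccountname": ""."""
    for entry in config["CheckForUnique"]["Attributes"]:
        for attr, prop in entry.items():
            if attr != "RuleCheck" and not prop:
                raise ValueError(f"mapping for {attr!r} cannot be empty")

def pick_unique(config, user, accounts):
    """Return {attribute: first candidate not already present in the mapped property}."""
    validate(config)
    chosen = {}
    for entry in config["CheckForUnique"]["Attributes"]:
        attr, prop = next((k, v) for k, v in entry.items() if k != "RuleCheck")
        # Values already imported into the mapped custom property, across all accounts
        taken = {a.get(prop) for a in accounts}
        candidates = [render(r, user) for r in entry["RuleCheck"].split(SEP)]
        # None when every candidate is taken (this sketch's choice, not stated on the page)
        chosen[attr] = next((c for c in candidates if c not in taken), None)
    return chosen

# Constructed sample data (not from a real tenant)
CONFIG = {"CheckForUnique": {"Attributes": [
    {"samaccountname": "customproperty1",
     "RuleCheck": "${user.lastname}###${user.lastname}1###${user.lastname}2"},
    {"userprincipalname": "customproperty2",
     "RuleCheck": "${user.lastname}@domainname.com###${user.lastname}1@domainname.com"},
]}}
USER = {"firstname": "amit", "lastname": "savla"}
ACCOUNTS = [  # existing accounts on the endpoint, with the custom properties populated at import
    {"customproperty1": "savla", "customproperty2": "savla@domainname.com"},
    {"customproperty1": "savla1", "customproperty2": "other@domainname.com"},
]

if __name__ == "__main__":
    print(pick_unique(CONFIG, USER, ACCOUNTS))
```

If the import does not populate the mapped custom property for every account, the taken set is incomplete and a candidate that already exists in another domain can be selected.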