Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 01:03 PM
Hello Community,
I am trying to assign AD group which is present in domain B but the user account is present in domain A using the ADSI connector. I am getting below error while performing the WSRETRY job:
"status": "Failure",
"failedObjects": [
{
"id": "CN=Saviynt Test4,OU=Saviynt,OU=Testing,DC=aaa,DC=aaa,DC=com",
"status": "Failure",
"message": "Cannot update object, as group 'CN=Saviynt Testing,OU=Saviynt,OU=Testing,DC=bbb,DC=bbb,DC=com' already assigned to object.",
"messageCodes": "OBJ_INFO_MSG_00001",
"errorDetails": "OBJ_INFO_MSG_00001 : -2147016651 : The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)"
}
],
Add Access JSON:
{
"objects": [
{
"objectClasses": [
"user"
],
"distinguishedName": "${accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
"addGroup": "${entitlement_values}"
}
],
"requestConfiguration": {
"grpMemExistenceChk": {
"enable": true
}
}
}
Regards,
Yashpal
Solved! Go to Solution.
04/12/2022 02:16 PM
Hi Yashpal,
Greetings!!
A quick checklist here:
1) What type of Group it is? (Security-Global/Security-Universal/Security-DomainLocal/ Distribution-Global/ Distribution -Universal/ Distribution -DomainLocal )
2) Do the integration User has sufficient rights/privileges to perform Cross Domain assignments.
Recommendation:
If possible, Please have a look to the Scope of Provisioning Access in Active Directory Groups Matrix available at freshdesk.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 02:16 PM
Thanks Anand, this is helpful