Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ADSI cross domain AD Group assignment

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:03 PM

Originally posted on October 27 2020 at 15:26 UTC

Hello Community,


I am trying to assign AD group which is present in domain B but the user account is present in domain A using the ADSI connector. I am getting below error while performing the WSRETRY job:


"status": "Failure",

"failedObjects": [

{

"id": "CN=Saviynt Test4,OU=Saviynt,OU=Testing,DC=aaa,DC=aaa,DC=com",

"status": "Failure",

"message": "Cannot update object, as group 'CN=Saviynt Testing,OU=Saviynt,OU=Testing,DC=bbb,DC=bbb,DC=com' already assigned to object.",

"messageCodes": "OBJ_INFO_MSG_00001",

"errorDetails": "OBJ_INFO_MSG_00001 : -2147016651 : The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)"

}

],


Add Access JSON:


{

"objects": [

{

"objectClasses": [

"user"

],

"distinguishedName": "${accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",

"addGroup": "${entitlement_values}"

}

],

"requestConfiguration": {

"grpMemExistenceChk": {

"enable": true

}

}

}


Regards,

Yashpal

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
2 REPLIES 2

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:16 PM

Originally posted on October 28 2020 at 05:23 UTC

Hi Yashpal,


Greetings!!


A quick checklist here:

1) What type of Group it is? (Security-Global/Security-Universal/Security-DomainLocal/ Distribution-Global/ Distribution -Universal/ Distribution -DomainLocal )

2) Do the integration User has sufficient rights/privileges to perform Cross Domain assignments.


Recommendation:

If possible, Please have a look to the Scope of Provisioning Access in Active Directory Groups Matrix available at freshdesk.


Thanks & Regards,

Anand Kumar Jha

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 02:16 PM

Originally posted on October 28 2020 at 17:59 UTC

Thanks Anand, this is helpful

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
Copyright © 2024 Khoros, LLC