Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 12:56 PM
Hi,
When I am trying to create a Account without using userLogon(userPrincipalName) and homeDirectory, I am able to create a new amount in AD but with two attributes I am not able to do it.
{
"sAMAccountName": "${task.accountName}",
"givenName": "${user.firstname}",
"sn": "${user.lastname}",
"uid": "${user.username}",
"cn": "${user.displayname}",
"userPrincipalName":"${user.username}@corpdomain.com",
"homeDirectory": "\\dc=corpAD,dc=saviynt,dc=com\dfs\users\HomeDirectories\${user.username}",
"objectclass": [
"top",
"person",
"organizationalPerson",
"user"
]
}
Solved! Go to Solution.
04/12/2022 01:57 PM
Hi Suneel,
Greetings!!
We will definitely help you with the appropriate resolution.
Could you please include version detail and error information (if any ) you faced during provisioning.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 01:57 PM
04/12/2022 01:57 PM
We are using Saviynt v5.4
04/12/2022 01:57 PM
Hi Suneel,
Greetings!!
Please attach the relative debugLogs here for further investigation.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 01:57 PM
Account is creating in AD successfully without userPrincipalName and homeDirectory path. Please find the attached logs
04/12/2022 01:57 PM
any updates?
04/12/2022 01:58 PM
Hi Suneel,
Greetings!!
The logs which you have attached does not have Create Account Logs. I could see add access to account related logs.
Could you please help me with the logs. It would be helpful for me to carry out further investigation.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 01:58 PM
Hi Anand,
PFA error log and evidence add other account attribute but not homeDirectory and userLogon(it should be with parent company domain name)
04/12/2022 01:58 PM
Hi Suneel,
Greetings!!
I didn't find debugLog in attachment. But, whatever the document you shared for test User8 has no relevent log in error.log.
Talking about errors which i witnessed in error log are multiple and has no connection with userPrincipalName and homeDirectory. I will try to address those errors which i saw in the logs shared by you for mutiple different users.
-------------------------------------
javax.naming.InvalidNameException: tUser6: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:'tUser6'
*****************************************************************************************************************************
Possible reasons: 1) Domain Name which is being used in AccountNameRule is not valid or blank.wrong.
2) Name already exists at target/ Name and CN attributes contradicts each other (which shouldn't be the case).
****************************************************************************************************************************
Error in escapeLDAPSpecialChars for tUser6 - javax.naming.InvalidNameException
Error while creating account in AD - 172.19.55.214:636 javax.naming.CommunicationException: 172.19.55.214:636 [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]
************************************************************************************************************************
Possible Reasons: 1) Connection issue
2) Validate if you are using LDAPS connection and SSL connection is proper.
***********************************************************************************************************************
2020-06-01 18:51:12,353 [quartzScheduler_Worker-1] ERROR ldap.SaviyntGroovyLdapService - Exception
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000054F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'CN=CMCyberOps,CN=Users,DC=ny,DC=smbc-cm,DC=com'
**********************************************************************************************************************
Possible Reasons: 1) Permission issue
2) Validate if you are using LDAPS connection and SSL connection is proper.
In order to help further on this issue, I might need proper debugLog with log of a single user creation. Please clear the unnecessary logs and let's have the required pieces itself in debugLog.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 01:58 PM
Hi Anand,
PFA debug log for test user8.
Regards,
04/12/2022 01:58 PM
Hi Suneel,
Greetings!!
The logs which you have provided is related to Add Access to account test user 8.
I do not see any issue here.
Taking a step back and asking you the question again related to this ticket.
Our issue was that creation of account fails with userPrincipalName and homeDirectory availability in createAccountJSON.
Please correct me, if that is not the issue.
If this is correct, please share me the debugLog of new account creation with the failure scenario which you sited.
Appreciate your response here.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 01:58 PM
Hi Anand,
No account is creating successfully with Other Attributes like sAMAccountName,givenName,sn,uid,cn and objectclass in AD but homeDirectory and userPrincipalName with parent company domain name is not displaying.
userPrincipalName without parent company domain name is displaying fine.
homeDirectory is not displaying in any case.
04/12/2022 01:58 PM
Hi Suneel,
Greetings!!
I am bit confused with your statement, so wanna clarify here.
No account is creating successfully with Other Attributes like sAMAccountName,givenName,sn,uid,cn and objectclass in AD but homeDirectory and userPrincipalName with parent company domain name is not displaying.
So do you mean, Accounts provision is successful with Attributes like sAMAccountName,givenName,sn,uid,cn and objectclass in AD but homeDirectory and userPrincipalName with parent company domain name is not displaying. Is that the correct understanding?
In that case, please make sure that domain name you are sending in userPrincipalName is correct. Also make that, domain name is visible in User-logon Name extension on ADDUC.
Regarding, homeDirectory, We still need to see your account creation debugLog at SSM to comment. Without that, it is difficult to answer.
Thanks & regards,
Anand Kumar Jha