
createAccountJSON in AD Connector is not working for userPrincipalName and homeDirectory

Community_User
Saviynt Employee
Originally posted on May 26 2020 at 19:01 UTC

Hi,

When I try to create an account without using userLogon (userPrincipalName) and homeDirectory, I am able to create a new account in AD, but with these two attributes I am not able to do it.

{
  "sAMAccountName": "${task.accountName}",
  "givenName": "${user.firstname}",
  "sn": "${user.lastname}",
  "uid": "${user.username}",
  "cn": "${user.displayname}",
  "userPrincipalName": "${user.username}@corpdomain.com",
  "homeDirectory": "\\dc=corpAD,dc=saviynt,dc=com\dfs\users\HomeDirectories\${user.username}",
  "objectclass": [
    "top",
    "person",
    "organizationalPerson",
    "user"
  ]
}


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
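
The homeDirectory value in the template above contains single backslashes, and a strict JSON parser rejects the sequences \d, \u (not followed by four hex digits), \H and \$. The check below is an added example, not part of the original post or of Saviynt's code; it assumes the connector parses the template as strict JSON after substituting the ${...} placeholders, and the helper names and sample user are constructed for illustration.

```python
import json
import re

# Escapes strict JSON (RFC 8259) accepts after a backslash inside a string.
_VALID_ESCAPE = re.compile(r'\\(?:["\\/bfnrt]|u[0-9a-fA-F]{4})')
_PLACEHOLDER = re.compile(r'\$\{([^}]+)\}')

# Constructed excerpt of the template as posted (raw string keeps backslashes).
POSTED = r'''{
  "sAMAccountName": "${task.accountName}",
  "userPrincipalName": "${user.username}@corpdomain.com",
  "homeDirectory": "\\dc=corpAD,dc=saviynt,dc=com\dfs\users\HomeDirectories\${user.username}"
}'''
# Same text with every backslash doubled, the JSON spelling of a literal "\".
ESCAPED = POSTED.replace("\\", "\\\\")
# Constructed sample values standing in for the user and task bindings.
SAMPLE = {"task.accountName": "jdoe", "user.username": "jdoe"}

def find_bad_escapes(template):
    """Return (line_no, sequence) for each escape a strict JSON parser rejects."""
    bad = []
    for line_no, line in enumerate(template.splitlines(), start=1):
        i = 0
        while i < len(line):
            if line[i] != "\\":
                i += 1
            elif (m := _VALID_ESCAPE.match(line, i)):
                i = m.end()          # valid escape such as \\ or \n, skip it
            else:
                bad.append((line_no, line[i:i + 2]))
                i += 2
    return bad

def render(template, values):
    """Substitute ${name} placeholders (assumed plain text), then parse as JSON."""
    filled = _PLACEHOLDER.sub(lambda m: values[m.group(1)], template)
    return json.loads(filled)

def parses(template, values):
    """True if the rendered template is valid strict JSON."""
    try:
        render(template, values)
        return True
    except json.JSONDecodeError:
        return False

if __name__ == "__main__":
    print(find_bad_escapes(POSTED))
    print(parses(POSTED, SAMPLE), parses(ESCAPED, SAMPLE))
    print(render(ESCAPED, SAMPLE)["homeDirectory"])
```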

Community_User
Saviynt Employee
Originally posted on May 27 2020 at 04:14 UTC

Hi Suneel,


Greetings!!


We will definitely help you with the appropriate resolution.

Could you please include version details and error information (if any) you faced during provisioning?


Thanks & Regards,

Anand Kumar Jha

Community_User
Saviynt Employee
Originally posted on May 27 2020 at 13:16 UTC

Hi Anand,
I am using 5.4 version.

Community_User
Saviynt Employee
Originally posted on May 28 2020 at 13:24 UTC

We are using Saviynt v5.4

Community_User
Saviynt Employee
Originally posted on May 28 2020 at 13:37 UTC

Hi Suneel,


Greetings!!

Please attach the relevant debugLogs here for further investigation.


Thanks & Regards,

Anand Kumar Jha

Community_User
Saviynt Employee
Originally posted on May 28 2020 at 13:41 UTC

The account is created in AD successfully without userPrincipalName and homeDirectory path. Please find the attached logs.

Community_User
Saviynt Employee
Originally posted on June 1 2020 at 15:14 UTC

Any updates?

Community_User
Saviynt Employee
Originally posted on June 2 2020 at 04:53 UTC

Hi Suneel,


Greetings!!


The logs which you have attached do not have Create Account logs. I could see Add Access to account related logs.

Could you please help me with the logs? It would be helpful for me to carry out further investigation.


Thanks & Regards,

Anand Kumar Jha

Community_User
Saviynt Employee
Originally posted on June 2 2020 at 16:25 UTC

Hi Anand,


PFA the error log and evidence that other account attributes are added but not homeDirectory and userLogon (it should be with the parent company domain name).



Community_User
Saviynt Employee
Originally posted on June 3 2020 at 06:09 UTC

Hi Suneel,


Greetings!!

I didn't find the debugLog in the attachment. But the document you shared for test User8 has no relevant log in error.log.

The errors which I witnessed in the error log are multiple and have no connection with userPrincipalName and homeDirectory. I will try to address those errors which I saw in the logs shared by you for multiple different users.


-------------------------------------

javax.naming.InvalidNameException: tUser6: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:'tUser6'

*****************************************************************************************************************************

Possible reasons: 1) Domain Name which is being used in AccountNameRule is not valid or blank/wrong.

2) Name already exists at target / Name and CN attributes contradict each other (which shouldn't be the case).

****************************************************************************************************************************

Error in escapeLDAPSpecialChars for tUser6 - javax.naming.InvalidNameException

Error while creating account in AD - 172.19.55.214:636 javax.naming.CommunicationException: 172.19.55.214:636 [Root exception is java.net.ConnectException: Connection timed out (Connection timed out)]

************************************************************************************************************************

Possible Reasons: 1) Connection issue

2) Validate if you are using LDAPS connection and SSL connection is proper.

***********************************************************************************************************************

2020-06-01 18:51:12,353 [quartzScheduler_Worker-1] ERROR ldap.SaviyntGroovyLdapService - Exception

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000054F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0

]; remaining name 'CN=CMCyberOps,CN=Users,DC=ny,DC=smbc-cm,DC=com'

**********************************************************************************************************************

Possible Reasons: 1) Permission issue

2) Validate if you are using LDAPS connection and SSL connection is proper.



In order to help further on this issue, I might need a proper debugLog with the log of a single user creation. Please clear the unnecessary logs and let's have only the required pieces in the debugLog.


Thanks & Regards,

Anand Kumar Jha

Community_User
Saviynt Employee
Originally posted on June 3 2020 at 15:16 UTC

Hi Anand,


PFA debug log for test user8.


Regards,

Community_User
Saviynt Employee
Originally posted on June 4 2020 at 05:36 UTC

Hi Suneel,


Greetings!!


The logs which you have provided are related to Add Access to account test user 8.

I do not see any issue here.

Taking a step back and asking you the question again related to this ticket.

Our issue was that creation of account fails with userPrincipalName and homeDirectory availability in createAccountJSON.

Please correct me if that is not the issue.

If this is correct, please share with me the debugLog of new account creation with the failure scenario which you cited.

Appreciate your response here.


Thanks & Regards,

Anand Kumar Jha

Community_User
Saviynt Employee
Originally posted on June 4 2020 at 14:34 UTC

Hi Anand,


No account is creating successfully with Other Attributes like sAMAccountName,givenName,sn,uid,cn and objectclass in AD but homeDirectory and userPrincipalName with parent company domain name is not displaying.

userPrincipalName without parent company domain name is displaying fine.

homeDirectory is not displaying in any case.


Community_User
Saviynt Employee
Originally posted on June 5 2020 at 06:02 UTC

Hi Suneel,


Greetings!!


I am a bit confused by your statement, so wanna clarify here.


No account is creating successfully with Other Attributes like sAMAccountName,givenName,sn,uid,cn and objectclass in AD but homeDirectory and userPrincipalName with parent company domain name is not displaying.


So do you mean account provisioning is successful with attributes like sAMAccountName, givenName, sn, uid, cn and objectclass in AD, but homeDirectory and userPrincipalName with parent company domain name is not displaying? Is that the correct understanding?


In that case, please make sure that the domain name you are sending in userPrincipalName is correct. Also make sure that the domain name is visible in the User logon name extension in ADUC.


Regarding homeDirectory, we still need to see your account creation debugLog at SSM to comment. Without that, it is difficult to answer.


Thanks & regards,

Anand Kumar Jha
