Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/11/2024 10:26 AM
Account Name Rule:
We are restricting to only 19 characters from the systemusername to create the Samaccountname for AD application by the below configuration at endpoint level, however it's not working in the new 24.4 version. It worked well on 23.10.
saMAccountName:"${user.systemUserName}"
In 24.4 version we are getting below error on AD provisioning - Error while creating account in AD - [LDAP: error code 80 - 00000523: SysErr: DSID-031A1242, problem 22 (Invalid argument), data 0 ]
No error as such were seen in 23.10 and account got created as expected.
Any workaround to achieve this use case?
07/11/2024 10:27 AM - edited 07/11/2024 10:28 AM
07/11/2024 10:39 AM
Getting same error still with below configuration.
07/11/2024 12:32 PM
Try with new account. and check on Step 2 before submitting request itself
07/11/2024 02:18 PM
Unfortunately, I still see the same error message, tried with new user as well. Account name is getting limited to 19 character but provisioning error is seen.
Error while creating account in AD - [LDAP: error code 80 - 00000523: SysErr: DSID-031A1242, problem 22 (Invalid argument), data 0 ]
07/11/2024 07:23 PM - edited 07/11/2024 07:24 PM
The error code [LDAP: error code 80 - 00000523: SysErr: DSID-031A1242, problem 22 (Invalid argument), data 0] typically indicates that there is an issue with one or more attributes being provided during the account creation process in Active Directory (AD). This can happen due to several reasons, such as invalid characters, attribute constraints, or missing required attributes.
Validate create Account JSON
07/11/2024 10:42 PM
Hi @Srh2306 , share you create account json
07/12/2024 12:39 AM - edited 07/12/2024 10:33 AM
Hi,
Please find the below create account JSON-
{
saMAccountName:"${user.systemUserName}",
displayname:"${user.displayname}",
mail:"${user.email}",
sn:"${user.lastname}",
streetAddress:"${user.street}",
l:"${user.location}",
st:"${user.state}",
co:"${user.country}",
postalCode:"${user.regioncode}",
company:"***********",
title:"${user.title}",
manager:"${user.customproperty8}",
department:"${user.departmentname}",
departmentNumber:"${user.departmentNumber}",
description:"${user.customproperty1==null?('N'+user.username):('E'+user.username)}",
extensionAttribute4:"${if(user?.customproperty1.equals()){'N'}else{'E'}}",
employeeID:"${user.username}",
objectClass:["top","person","organizationalPerson","user"],
userPrincipalName:"${user.email}",
extensionAttribute1:"${user.username}",
extensionAttribute3:"${user?.startdate.format("yyyy/MM/dd")}",
employeeType:"${if(user?.customproperty1.equals()){(user.customproperty2)}else{(user.customproperty1)}}",
givenName:"${user.preferedFirstName}",
physicalDeliveryOfficeName:"${user.location} ${user.state}",
street:"${user.street}",
pwdLastSet:"0",
businessCategory:"******",
l:"${user.location}",
localeID:"${user.locationnumber}",
mailNickname:"${user?.email.replace('.','').replace('@','')}",
msExchExtensionAttribute16:"${user.systemUserName}@************.NET",
msExchExtensionAttribute19:"${user.systemUserName}@**********"
}
07/12/2024 08:31 AM - last edited on 07/12/2024 12:29 PM by Dave
Does all attributes are not null for user requested ?
{
"saMAccountName": "${user.systemUserName}",
"displayname": "${user.displayname}",
"mail": "${user.email}",
"sn": "${user.lastname}",
"streetAddress": "${user.street}",
"l": "${user.location}",
"st": "${user.state}",
"co": "${user.country}",
"postalCode": "${user.regioncode}",
"company": "********",
"title": "${user.title}",
"manager": "${user.customproperty8}",
"department": "${user.departmentname}",
"departmentNumber": "${user.departmentNumber}",
"description": "${user.customproperty1 == null ? ('N' + user.username) : ('E' + user.username)}",
"extensionAttribute4": "${user.customproperty1 == null ? 'N' : 'E'}",
"employeeID": "${user.username}",
"objectClass": ["top", "person", "organizationalPerson", "user"],
"userPrincipalName": "${user.email}",
"extensionAttribute1": "${user.username}",
"extensionAttribute3": "${user.startdate != null ? user.startdate.format('yyyy/MM/dd') : ''}",
"employeeType": "${user.customproperty1 == null ? (user.customproperty2) : (user.customproperty1)}",
"givenName": "${user.preferedFirstName}",
"physicalDeliveryOfficeName": "${user.location} ${user.state}",
"street": "${user.street}",
"pwdLastSet": "0",
"businessCategory": "******",
"l": "${user.location}",
"localeID": "${user.locationnumber}",
"mailNickname": "${user.email.replace('.', '').replace('@', '')}",
"msExchExtensionAttribute16": "${user.systemUserName}@************.NET",
"msExchExtensionAttribute19": "${user.systemUserName}@**********"
}
[This post has been edited by a Moderator to remove sensitive information.]
07/12/2024 09:05 AM
Yes, no fields are null. Also account creation works as expected where systemusername is less than 19 characters, so doesnt seem to be an issue with create accountJSOn.
07/12/2024 10:07 AM
saMAccountName:"${accountName}",