Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Account Name Creation for 19 characters

Srh2306
New Contributor
New Contributor

Account Name Rule:

We are restricting to only 19 characters from the systemusername to create the Samaccountname for AD application by the below configuration at endpoint level, however it's not working in the new 24.4 version. It worked well on 23.10.

Samie2306_2-1720718722665.png

saMAccountName:"${user.systemUserName}"

In 24.4 version we are getting below error on AD provisioning - Error while creating account in AD - [LDAP: error code 80 - 00000523: SysErr: DSID-031A1242, problem 22 (Invalid argument), data 0 ]

No error as such were seen in 23.10 and account got created as expected.

Any workaround to achieve this use case?

10 REPLIES 10

rushikeshvartak
All-Star
All-Star
  • Use advanced query LEFT(systemusername, 19)

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Srh2306
New Contributor
New Contributor

Getting same error still with below configuration.

Samie2306_0-1720719460966.pngSamie2306_1-1720719556643.png

 

Try with new account. and check on Step 2 before submitting request itself


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Srh2306
New Contributor
New Contributor

Unfortunately, I still see the same error message, tried with new user as well. Account name is getting limited to 19 character but provisioning error is seen.

 

Samie2306_0-1720732648541.png

Error while creating account in AD - [LDAP: error code 80 - 00000523: SysErr: DSID-031A1242, problem 22 (Invalid argument), data 0 ]

The error code [LDAP: error code 80 - 00000523: SysErr: DSID-031A1242, problem 22 (Invalid argument), data 0] typically indicates that there is an issue with one or more attributes being provided during the account creation process in Active Directory (AD). This can happen due to several reasons, such as invalid characters, attribute constraints, or missing required attributes.

 

Validate create Account JSON


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM
Honored Contributor II
Honored Contributor II

Hi @Srh2306 , share you create account json 

achoudhury
New Contributor
New Contributor

Hi,

 

Please find the below create account JSON-

{
saMAccountName:"${user.systemUserName}",
displayname:"${user.displayname}",
mail:"${user.email}",
sn:"${user.lastname}",
streetAddress:"${user.street}",
l:"${user.location}",
st:"${user.state}",
co:"${user.country}",
postalCode:"${user.regioncode}",
company:"***********",
title:"${user.title}",
manager:"${user.customproperty8}",
department:"${user.departmentname}",
departmentNumber:"${user.departmentNumber}",
description:"${user.customproperty1==null?('N'+user.username):('E'+user.username)}",
extensionAttribute4:"${if(user?.customproperty1.equals()){'N'}else{'E'}}",
employeeID:"${user.username}",
objectClass:["top","person","organizationalPerson","user"],
userPrincipalName:"${user.email}",
extensionAttribute1:"${user.username}",
extensionAttribute3:"${user?.startdate.format("yyyy/MM/dd")}",
employeeType:"${if(user?.customproperty1.equals()){(user.customproperty2)}else{(user.customproperty1)}}",
givenName:"${user.preferedFirstName}",
physicalDeliveryOfficeName:"${user.location} ${user.state}",
street:"${user.street}",
pwdLastSet:"0",
businessCategory:"******",
l:"${user.location}",
localeID:"${user.locationnumber}",
mailNickname:"${user?.email.replace('.','').replace('@','')}",
msExchExtensionAttribute16:"${user.systemUserName}@************.NET",
msExchExtensionAttribute19:"${user.systemUserName}@**********"
}

 

 

Does all attributes are not null for user requested ?

 

{
  "saMAccountName": "${user.systemUserName}",
  "displayname": "${user.displayname}",
  "mail": "${user.email}",
  "sn": "${user.lastname}",
  "streetAddress": "${user.street}",
  "l": "${user.location}",
  "st": "${user.state}",
  "co": "${user.country}",
  "postalCode": "${user.regioncode}",
  "company": "********",
  "title": "${user.title}",
  "manager": "${user.customproperty8}",
  "department": "${user.departmentname}",
  "departmentNumber": "${user.departmentNumber}",
  "description": "${user.customproperty1 == null ? ('N' + user.username) : ('E' + user.username)}",
  "extensionAttribute4": "${user.customproperty1 == null ? 'N' : 'E'}",
  "employeeID": "${user.username}",
  "objectClass": ["top", "person", "organizationalPerson", "user"],
  "userPrincipalName": "${user.email}",
  "extensionAttribute1": "${user.username}",
  "extensionAttribute3": "${user.startdate != null ? user.startdate.format('yyyy/MM/dd') : ''}",
  "employeeType": "${user.customproperty1 == null ? (user.customproperty2) : (user.customproperty1)}",
  "givenName": "${user.preferedFirstName}",
  "physicalDeliveryOfficeName": "${user.location} ${user.state}",
  "street": "${user.street}",
  "pwdLastSet": "0",
  "businessCategory": "******",
  "l": "${user.location}",
  "localeID": "${user.locationnumber}",
  "mailNickname": "${user.email.replace('.', '').replace('@', '')}",
  "msExchExtensionAttribute16": "${user.systemUserName}@************.NET",
  "msExchExtensionAttribute19": "${user.systemUserName}@**********"
}

[This post has been edited by a Moderator to remove sensitive information.]

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Srh2306
New Contributor
New Contributor

Yes, no fields are null. Also account creation works as expected where systemusername is less than 19 characters, so doesnt seem to be an issue with create accountJSOn.

saMAccountName:"${accountName}",


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.