Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

ACCOUNTNAMERULE | ADSI

utkarshING
New Contributor III
New Contributor III

Hi Team,

Previously we were using the 23.8 version and earlier ACCOUNTNAMERULE was working as given below:-

{
"AccountNameRule": {
"Attributes": [
{
"cn": "${user.displayname}",
"baseDn": "${UserOUCalculation}"

}
]
}
}

 

But today we moved to the 24.5 version, during Save and Test the connection we got the error that RuleCheck is a mandatory attribute so, we put as below:-

{
"AccountNameRule": {
"Attributes": [
{
"cn": "${user.displayname}",
"baseDn": "${UserOUCalculation}",
"RuleCheck": "${user.username}"
}
]
}
}

but during testing account creation, we got an error 

 

Error while creating account in ADSI : { "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }{ "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }{ "status": "Failure", "failedObjects": [ { "status": "Failure", "message": "'objectClasses','cn', and 'baseDn' are mandatory attributes.", "messageCodes": "OBJ_ERR_MSG_00005" } ], "connectionString": "LDAP://USPLYSDCNA01.na.globalad.local" }

 

Kindly assist/suggest the correct ACCOUNTNAMERULE JSON.

 

Thanks,

Utkarsh Rathore

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

{
"AccountNameRule": {
"Attributes": [
{
"cn": "ACCOUNTID",
"baseDN": "CN=Users,DC=saviyntlabs,DC=org",
"RuleCheck": "${user.lastname}, ${user.firstname}###${user.lastname}, ${user.firstname}1###${user.lastname}, ${user.firstname}2###${user.lastname}, ${user.firstname}3###${user.lastname}, ${user.firstname}4"
}
]
}
}

Refer above  sample https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Configuring-the-Integration-for-Provisio... 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Thanks for your reply.

The AD connector was built by the Saviynt team they did not configure the RuleCheck in ACCOUNTNAMERULE but in newer version 24.5 they mandate the RuleCheck attribute. So, I tried to configure as "RuleCheck": "${user.username}" as we are using username as AD ID/account name,

I tested it out with one test user, and an account was created in AD. My doubt is 

will be there any major impact on existing or new users if I config as "RuleCheck": "${user.username}".

 

Thanks,

Utkarsh Rathore

Its not mandatory in our environment 24.5 

rushikeshvartak_0-1718390717685.png

You can remove mandatory thing - https://forums.saviynt.com/t5/identity-governance/aws-connection-failure-non-aws/m-p/92699 

 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

ACCOUNTNAMERULE is not mandatory but inside it,  RULECHECK attribute is required.

 

utkarshING_0-1718394506546.png

 

Thanks,

Utkarsh Rathore

If you are account name is username then there is no impact. 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

utkarshING
New Contributor III
New Contributor III

Thanks