Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Active Directory AD Account Create Update passing null Manager Attribute fails

ShubhamBabbar
New Contributor III
New Contributor III

Upon trying to create or update account in AD if user's manager account does not exists, the task fails with below error codes for manager attribute value:

JSON for Manager attribute:  "manager": "${if(managerAccount == null){''} else {managerAccount?.comments}}"
 
Logs:
Creating Account dn-CN=test user3,OU=External Accounts,OU=User Directory,DC=######,DC=com Datamap--[manager:,sAMAccountName:poc.testuser3,givenname:test,accountExpires:0,displayname:test user3,name:test user3,objectClass:[top, person, organizationalPerson, user],UnicodePwd:****,cn:test user3,sn:user3,userAccountControl:512,pwdLastSet:0,]

Error: Error while creating account in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C09114B, comment: Error in attribute conversion operation, data 0, v4563

-------------------------------------------------------------------------------------------------------------------------------------

JSON for Manager attribute:  "manager": "${managerAccount?.comments}"

Logs:
Creating Account dn-CN=test user3,OU=External Accounts,OU=User Directory,DC=######,DC=com Datamap--[manager:null,sAMAccountName:poc.testuser3,givenname:test,accountExpires:0,displayname:test user3,name:test user3,objectClass:[top, person, organizationalPerson, user],UnicodePwd:****,cn:test user3,sn:user3,userAccountControl:512,pwdLastSet:0,]


Error: Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-03153438, #1: 0: 000020B5: DSID-03153438, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)

-------------------------------------------------------------------------------------------------------------------------------------

Provisioning works fine if the managerAccount exists.
Request if someone can help rectify what is  wrong with either of the above two logic when managerAccount is not present.

The only solution to this is using custom map using JSON builder through entire custom code.

ShubhamBabbar_0-1693483593448.png

4 REPLIES 4

pmahalle
All-Star
All-Star

Hi @ShubhamBabbar ,

Can you try below expression in your create and update account json and check:

"manager": "${if(managerAccount!=null){managerAccount.comments}}"


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

ShubhamBabbar
New Contributor III
New Contributor III

Thanks Paddy, but unfortunately 

"manager": "${if(managerAccount!=null){managerAccount.comments}else{}}" and 
"manager": "${if(managerAccount!=null){managerAccount.comments}"

Both failed with error code 19.

armaanzahir
Valued Contributor
Valued Contributor

Hey @ShubhamBabbar 

Can you try the below code and check:

 

"manager": "${managerAccount==null?null:managerAccount.commnents}"

 

 

Regards,
Md Armaan Zahir

This is failing as well Armaan.