Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Active Directory Add access and Remove Access tasks getting errored out

AuvikDey
New Contributor III
New Contributor III

‎03/11/2024 11:41 AM

Hi All,

We have create a child endpoint in Active directory through endpoint filter and trying to provision/deprovision entitlements of that child endpoint for the users who have active directory accounts and also account in that child endpoint. The 1st time when the user creates the child endpoint account and provisions entitlement, it works fine.

Issue comes when we try to provision another entitlement for the same user or we try to remove entitlement from the existing user.

it gives kind of following provisioning error comments:

Remove Access ::

AuvikDey_0-1710182281183.png

Add Access::

AuvikDey_1-1710182419562.png

Please help here,  as I am not understanding which configuration is missing

 

Labels:
0 Kudos
2 REPLIES 2

rushikeshvartak
All-Star
All-Star

‎03/11/2024 07:44 PM

Can you try with entitlement request option as Table instead of drop down


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

AuvikDey
New Contributor III
New Contributor III

‎03/13/2024 04:08 AM

Hi @rushikeshvartak , @pmahalle 
When we are having the AccountID mapped to "ObjectGUID" in Account Attributes, it is failing for add access task, remove access task AD operations with LDAP error codes.

But when we tried to map the AccountID mapped to "DisntinguishedName" in Account attributes, reconcilied all the accounts and then tried to add access/ remove access - It was working fine.

I referred this forums post (https://forums.saviynt.com/t5/identity-governance/ad-connection-not-found-dn-while-creating-account/....

Please confirm if it is always recommended to map AD AccountID to Distinguished name

0 Kudos
Copyright © 2024 Khoros, LLC