Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/17/2024 09:16 AM
Hello there, we have a requirement to keep the terminated users as disabled for 6 months in AD and we do the cleanup afterwards, but we don't want those disabled users to be showing up under Manager's Direct reports/organization on Active Directory. Our DISABLEACCOUNTJSON is,
{"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER", .........XXXXXXX.............."
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": NULL
}
I have tried "manager":null and "manager":"" and I'm getting a error message as follows,
Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value
06/17/2024 10:22 AM
{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": {
"operation": "remove"
}
}
06/17/2024 12:24 PM
Tried that, got following error,
Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value
06/17/2024 06:38 PM
{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": null
}
06/18/2024 06:04 AM
@rushikeshvartak I have tried "manager": null and "manager": "" Infact that was 1st thing I tried as I set the pass string on connection params to TRUE. NULL didn't help either along with
"manager": {
"operation": "remove"
}
I'm thinking if, instead of "remove", can we do "DELETE"?
06/18/2024 06:07 AM
It should be null and not NULL
06/18/2024 09:41 AM
@rushikeshvartak yes tried passing "manager":null . Infact, this was the 1st thing I tried. We also have,
SUPPORTEMPTYSTRING Set to TRUE to send an empty value or null string during provisioning. Default value is FALSE. | TRUE |
and yet the issue holds the same.
06/18/2024 10:54 AM
Can you share logs
07/08/2024 02:17 PM - last edited on 09/26/2024 04:59 AM by Sunil
This is the provisioning comment, and I have attached the log below as well.
Not sure this history key will help sort out the log but here i included this as well (historyKey : e1fbff46749b4b05a97e96d12294574a)
Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value
[This message has been edited by moderator to mask sensitive info]
07/08/2024 07:36 PM
"manager": ""
07/09/2024 06:33 AM
@rushikeshvartak as you can see on my post and couple responses above, I have already tried that, and it still gave the same error as above. I can try again, if it behaves differently this time.
07/12/2024 10:55 AM
Well still the same thing with "manager": ""
Error while Delete operation for account-stester in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091207, comment: Error in attribute conversion operation, data 0, v4563] Error while Delete operation for account-stester in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091207, comment: Error in attribute conversion operation, data 0, v4563]
09/26/2024 04:45 AM
Hi,
I'm having the same issue as well. I want to "clear" an attribute as part as of a disableaccount/enableaccount being run.
I've tried all the suggestions outlined in this forum post and I am getting the same behaviour as @Santosh has reported.
What is the correct way of clearing an attribute?
Thanks.
09/26/2024 09:32 AM
Seems no solution -https://forums.saviynt.com/t5/identity-governance/how-to-clear-manager-field-while-disabling-user-ad-account/m-p/33468#M18533