Saviynt Forums

Santosh · ‎06/17/2024

Hello there, we have a requirement to keep the terminated users as disabled for 6 months in AD and we do the cleanup afterwards, but we don't want those disabled users to be showing up under Manager's Direct reports/organization on Active Directory. Our DISABLEACCOUNTJSON is,

{"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER", .........XXXXXXX.............."
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": NULL
}

I have tried "manager":null and "manager":"" and I'm getting a error message as follows,

Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value

rushikeshvartak · ‎06/17/2024

{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": {
"operation": "remove"
}
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Santosh · ‎06/17/2024

Tried that, got following error,

Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value

rushikeshvartak · ‎06/17/2024

{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": null
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Santosh · ‎06/18/2024

@rushikeshvartak I have tried "manager": null and "manager": "" Infact that was 1st thing I tried as I set the pass string on connection params to TRUE. NULL didn't help either along with

"manager": {
"operation": "remove"
}

I'm thinking if, instead of "remove", can we do "DELETE"?

rushikeshvartak · ‎06/18/2024

It should be null and not NULL

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Santosh · ‎06/18/2024

@rushikeshvartak yes tried passing "manager":null . Infact, this was the 1st thing I tried. We also have,

SUPPORTEMPTYSTRING
Set to TRUE to send an empty value or null string during provisioning.
Default value is FALSE.

TRUE

and yet the issue holds the same.

rushikeshvartak · ‎06/18/2024

Can you share logs

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

Active Directory Manager still seeing disabled users under their direct reports.