Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/17/2024 09:16 AM
Hello there, we have a requirement to keep the terminated users as disabled for 6 months in AD and we do the cleanup afterwards, but we don't want those disabled users to be showing up under Manager's Direct reports/organization on Active Directory. Our DISABLEACCOUNTJSON is,
{"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER", .........XXXXXXX.............."
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": NULL
}
I have tried "manager":null and "manager":"" and I'm getting a error message as follows,
Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value
06/17/2024 10:22 AM
{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": {
"operation": "remove"
}
}
06/17/2024 12:24 PM
Tried that, got following error,
Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value
06/17/2024 06:38 PM
{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": null
}
06/18/2024 06:04 AM
@rushikeshvartak I have tried "manager": null and "manager": "" Infact that was 1st thing I tried as I set the pass string on connection params to TRUE. NULL didn't help either along with
"manager": {
"operation": "remove"
}
I'm thinking if, instead of "remove", can we do "DELETE"?
06/18/2024 06:07 AM
It should be null and not NULL
06/18/2024 09:41 AM
@rushikeshvartak yes tried passing "manager":null . Infact, this was the 1st thing I tried. We also have,
SUPPORTEMPTYSTRING Set to TRUE to send an empty value or null string during provisioning. Default value is FALSE. | TRUE |
and yet the issue holds the same.
06/18/2024 10:54 AM
Can you share logs
07/08/2024 02:17 PM
This is the provisioning comment, and I have attached the log below as well.
Not sure this history key will help sort out the log but here i included this as well (historyKey : e1fbff46749b4b05a97e96d12294574a)
Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value
07/08/2024 07:36 PM
"manager": ""
07/09/2024 06:33 AM
@rushikeshvartak as you can see on my post and couple responses above, I have already tried that, and it still gave the same error as above. I can try again, if it behaves differently this time.
07/12/2024 10:55 AM
Well still the same thing with "manager": ""
Error while Delete operation for account-stester in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091207, comment: Error in attribute conversion operation, data 0, v4563] Error while Delete operation for account-stester in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091207, comment: Error in attribute conversion operation, data 0, v4563]