
Active Directory Manager still seeing disabled users under their direct reports.

Santosh
Regular Contributor

Hello there, we have a requirement to keep the terminated users as disabled for 6 months in AD and we do the cleanup afterwards, but we don't want those disabled users to be showing up under Manager's Direct reports/organization on Active Directory. Our DISABLEACCOUNTJSON is,

{"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER", .........XXXXXXX.............."
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": NULL
}

I have tried "manager":null and "manager":"" and I'm getting an error message as follows,

Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value


rushikeshvartak
All-Star

{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": {
"operation": "remove"
}
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Tried that, got following error,

Error while Delete operation for account-stesting in AD - Malformed 'manager' attribute value

{
"moveUsertoOU": "OU=SAVIYNT_TEST_DISABLED_OU_USER",
"deleteAllGroups": "NO",
"userAccountControl": "514",
"manager": null
}


Regards,
Rushikesh Vartak

@rushikeshvartak I have tried "manager": null and "manager": "". In fact, that was the 1st thing I tried, as I set the pass string on connection params to TRUE. NULL didn't help either, along with

"manager": {
"operation": "remove"
}
I'm thinking if, instead of "remove", can we do "DELETE"?

It should be null and not NULL


Regards,
Rushikesh Vartak

@rushikeshvartak yes, tried passing "manager":null. In fact, this was the 1st thing I tried. We also have,

SUPPORTEMPTYSTRING
Set to TRUE to send an empty value or null string during provisioning.
Default value is FALSE.
TRUE

and yet the issue holds the same.

Can you share logs?


Regards,
Rushikesh Vartak

This is the provisioning comment, and I have attached the log below as well.

Not sure this history key will help sort out the log, but I have included it here as well (historyKey : e1fbff46749b4b05a97e96d12294574a)

Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value Error while Delete operation for account-swednesday in AD - Malformed 'manager' attribute value

[This message has been edited by moderator to mask sensitive info]

"manager": ""


Regards,
Rushikesh Vartak

@rushikeshvartak as you can see on my post and couple responses above, I have already tried that, and it still gave the same error as above. I can try again, if it behaves differently this time.

Santosh
Regular Contributor

Well still the same thing with "manager": ""

Error while Delete operation for account-stester in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091207, comment: Error in attribute conversion operation, data 0, v4563] Error while Delete operation for account-stester in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C091207, comment: Error in attribute conversion operation, data 0, v4563]

AliW
New Contributor

Hi, 

I'm having the same issue as well. I want to "clear" an attribute as part of a disableaccount/enableaccount being run.

I've tried all the suggestions outlined in this forum post and I am getting the same behaviour as @Santosh has reported.

What is the correct way of clearing an attribute?

Thanks.

Seems no solution - https://forums.saviynt.com/t5/identity-governance/how-to-clear-manager-field-while-disabling-user-ad-account/m-p/33468#M18533


Regards,
Rushikesh Vartak
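
Added example, not part of the thread and not Saviynt connector configuration: LDAP error code 21 in the last error quoted above is invalidAttributeSyntax, and manager is a DN-valued attribute in AD, so an empty string is not a value it can hold and the attribute has to be removed instead. The PowerShell below does that directly against AD with the ActiveDirectory module's Set-ADUser -Clear, for disabled accounts that still carry a manager. The function name and the DC=example,DC=com suffix are placeholders, because the OU path in the thread is masked.

```powershell
# Added example: report and clear 'manager' on disabled accounts under one OU.
# Requires the ActiveDirectory module (RSAT). Function name is hypothetical.
Import-Module ActiveDirectory

function Clear-DisabledUserManager {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$SearchBase
    )

    # Match user objects with the ACCOUNTDISABLE bit (2) set in
    # userAccountControl AND a populated manager attribute.
    $filter = '(&(objectCategory=person)(objectClass=user)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=2)(manager=*))'

    $users = Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
                        -LDAPFilter $filter -Properties manager

    foreach ($user in $users) {
        $cleared = $false
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Clear manager')) {
            # -Clear removes the attribute value instead of writing an
            # empty string, which AD rejects for a DN-syntax attribute.
            Set-ADUser -Identity $user -Clear manager
            $cleared = $true
        }

        # One row per account so the run can be logged or reviewed.
        [pscustomobject]@{
            SamAccountName  = $user.SamAccountName
            PreviousManager = $user.manager
            Cleared         = $cleared
        }
    }
}

# Dry run: -WhatIf lists the accounts that would change, without writing.
# The DC components are placeholders; use the real DN of the disabled OU.
Clear-DisabledUserManager `
    -SearchBase 'OU=SAVIYNT_TEST_DISABLED_OU_USER,DC=example,DC=com' -WhatIf
```

Once the manager value is gone, the account no longer appears in that manager's directReports, which AD computes as the back-link of manager.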