Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

AD account created in disabled OU during rehire

nitishdas
New Contributor
New Contributor

Hello,

The AD accounts for rehired users are getting created in disabled OU if there is already a disabled account whose status is set to "SUSPENDED FROM IMPORT SERVICE". We have a user update rule which is used to retrigger the birthright rule which creates a AD account as a birthright account for the users whose AD account shows the above status. Once we run this user update rule and it triggers the birthright rule it creates an account but the OU shows in Disabled Users. Not sure if any of the below two connection parameters is creating this issue:

nitishdas_0-1698335622770.png

 

7 REPLIES 7

Saathvik
All-Star
All-Star

@nitishdas : Are you moving the users to disabled OU upon termination? Can you share full JSON you have used for REMOVEACCOUNTACTION and also did you configure anything on REUSEACCOUNTJSON , If so can you please that as well?

 

Incase, If you are moving to disabled OU on termination, then you must configure REUSEACCOUNTJSON to move them back to appropriate OU upon rehire.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Hello,

There is no configuration setup for REUSEACCOUNTJSON. Please find the screenshot of the REMOVEACCOUNTACTION JSON.

nitishdas_0-1698380616080.png

 

@nitishdas I can see REUSEACCOUNTJSON in AD connection

SumathiSomala_0-1698382128831.png

SumathiSomala_1-1698382311787.png

You have to specify REUSEACCOUNTOU in REUSEACCOUNTJSON to move them to correct OU.

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

If the user is rehired after a long time say after 90 days and we don't want to use that old account but in saviynt that old account shows deleted and status as "SUSPENDED FROM IMPORT SERVICE". Then in that case should I need to change "REUSEINACTIVEACCOUNT" to FALSE?

YES correct, If you don't want to reuse inactive accounts upon rehire 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Hi @Saathvik ,

I tried this but still the new account creation is happening in the disabled OU.

nitishdas_0-1703226108512.png

 

rushikeshvartak
All-Star
All-Star

Refer https://docs.saviyntcloud.com/bundle/AD-v23x/page/Content/Configuring-the-Integration-for-Provisioni...


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.