Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD account creation task not getting triggered if owner/manager account does not exist in AD

Smitakkhi
New Contributor II
New Contributor II

‎09/05/2024 02:41 AM - edited ‎09/05/2024 02:50 AM

Hi,

I have a query regarding AD account creation task. I have created a user whose manager's account does not exist in AD. For that user,AD Account creation task is not getting created. Is it due to manager's account not existing in AD or any other reasons might be there. Is it a expected behaviour?  Please note the technical rule condition is getting satisfied.

 

 

 

0 Kudos
10 REPLIES 10

Darshanjain
Saviynt Employee
Saviynt Employee

‎09/09/2024 04:22 AM

Hi @Smitakkhi 

Are you saying the task is not getting created or task is created provisioning is not happening .

 

Task getting created in saviynt is no where dependent to check the AD attributes it is completely internal to saviynt. So please check the logs while the rule is run to see why the task is not created.

 

Thanks
Darshan

0 Kudos

indra_hema_95
Regular Contributor III
Regular Contributor III

‎09/09/2024 04:25 AM

Hi @Smitakkhi In our case we have observed that without manager provisioning won't work. So as far as I know manager account has to be there otherwise it will fail.

Regards,

Indra

0 Kudos

NM
Honored Contributor II
Honored Contributor II

‎09/09/2024 05:00 AM

Hi @Smitakkhi it isn't dependent on manager having AD account .. task will still be created .. prov might fail

0 Kudos

rushikeshvartak
All-Star
All-Star

‎09/09/2024 05:32 AM

  • Please share create account JSON

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Smitakkhi
New Contributor II
New Contributor II
In response to rushikeshvartak

‎09/09/2024 05:39 AM

Hi,

I also have the same understanding that provisioning task should be created but it will fail in AD side. But here task is only not getting created. Please find my create account JSON below-

{
"co": "${user.country}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeeType": "${user.employeeType}",
"givenName": "${user.firstname}",
"l": "${user.city}",
"mail": "${user.email}",
"name": "${user.displayname}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"physicalDeliveryOfficeName": "${user.location}",
"manager": "${managerAccount.accountID}",
"pwdLastSet": "0",
"sAMAccountName": "${user.customproperty2}",
"sn": "${user.lastname}",
"streetAddress": "${user.street}",
"title": "${user.title}",
"extensionAttribute11": "Personal",
"c": "${user.customproperty3}",
"company": "${user.companyname}",
"countryCode": "${user.customproperty14}",
"division": "${user.customproperty6}",
"msDS-cloudExtensionAttribute1": "${user.customproperty7}",
"msDS-cloudExtensionAttribute2": "${user.customproperty8}",
"msDS-cloudExtensionAttribute3": "GBU99",
"flags": "1",
"userPrincipalName": "${user.customproperty1}",
"employeeID": "${user.employeeid}",
"accountExpires": "${ if (user.enddate != null){10000*(user.enddate.getTime() + 11644473600000 +86340000)} else {'0'}}",
"proxyaddresses": [
"SMTP:${user.customproperty1}"
]
}

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Smitakkhi

‎09/09/2024 05:41 AM

Can you share error logs in text file, also mention task id


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Smitakkhi
New Contributor II
New Contributor II
In response to rushikeshvartak

‎09/10/2024 12:24 AM

Hi,

I have analysed the issue . Few of the user attributes were populated from manager. But the manager selected did not have those values so for user also these values were null. So the technical rule was not satisfied due to which the task was not getting triggered. Now I have change the manager to a valid account(having AD account and all values populated) and update account policy is getting triggered but the update account task is not getting triggered.

The Update Account policy

Users.companyname is updated
OR Users.Manager is updated
OR Users.Org ID is updated
OR Users.Division is updated
OR Users.Title is updated
OR Users.Department Name is updated
Then
(Create Update Account Task [Endpoint: Some Endpoint, Connection: Active Directory ])

 

 

Update Account JSON

{
"manager": "${managerAccount.accountID}",
"title": "${user.title}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeetype": "${user.employeeType}",
"userPrincipalName": "${user.customproperty1}",
"sAMAccountName": "${user.customproperty2}",
"company": "${user.companyname}",
"accountExpires": "${ if (user.enddate != null){10000*(user.enddate.getTime() + 11644473600000 +86340000)} else {'0'}}"
]
}

 

0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to Smitakkhi

‎09/10/2024 01:04 AM

@Smitakkhi what is the status of account?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Smitakkhi

‎09/10/2024 06:19 AM

Please share logs


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Smitakkhi
New Contributor II
New Contributor II

‎09/10/2024 01:24 AM

No account is created.

0 Kudos
Copyright © 2024 Khoros, LLC