09/05/2024 02:41 AM - edited 09/05/2024 02:50 AM
Hi,
I have a query regarding the AD account creation task. I have created a user whose manager's account does not exist in AD. For that user, the AD account creation task is not getting created. Is it due to the manager's account not existing in AD, or might there be other reasons? Is it an expected behaviour? Please note the technical rule condition is getting satisfied.
09/09/2024 04:22 AM
Hi @Smitakkhi
Are you saying the task is not getting created, or the task is created but provisioning is not happening?
Task creation in Saviynt is nowhere dependent on checking the AD attributes; it is completely internal to Saviynt. So please check the logs while the rule is run to see why the task is not created.
Thanks
Darshan
09/09/2024 04:25 AM
Hi @Smitakkhi, in our case we have observed that without a manager, provisioning won't work. So as far as I know, the manager account has to be there, otherwise it will fail.
Regards,
Indra
09/09/2024 05:00 AM
Hi @Smitakkhi, it isn't dependent on the manager having an AD account. The task will still be created; provisioning might fail.
09/09/2024 05:32 AM
09/09/2024 05:39 AM
Hi,
I also have the same understanding that the provisioning task should be created but it will fail on the AD side. But here the task itself is not getting created. Please find my create account JSON below:
{
  "co": "${user.country}",
  "department": "${user.departmentname}",
  "displayname": "${user.displayname}",
  "employeeType": "${user.employeeType}",
  "givenName": "${user.firstname}",
  "l": "${user.city}",
  "mail": "${user.email}",
  "name": "${user.displayname}",
  "objectClass": [
    "top",
    "person",
    "organizationalPerson",
    "user"
  ],
  "physicalDeliveryOfficeName": "${user.location}",
  "manager": "${managerAccount.accountID}",
  "pwdLastSet": "0",
  "sAMAccountName": "${user.customproperty2}",
  "sn": "${user.lastname}",
  "streetAddress": "${user.street}",
  "title": "${user.title}",
  "extensionAttribute11": "Personal",
  "c": "${user.customproperty3}",
  "company": "${user.companyname}",
  "countryCode": "${user.customproperty14}",
  "division": "${user.customproperty6}",
  "msDS-cloudExtensionAttribute1": "${user.customproperty7}",
  "msDS-cloudExtensionAttribute2": "${user.customproperty8}",
  "msDS-cloudExtensionAttribute3": "GBU99",
  "flags": "1",
  "userPrincipalName": "${user.customproperty1}",
  "employeeID": "${user.employeeid}",
  "accountExpires": "${ if (user.enddate != null){10000*(user.enddate.getTime() + 11644473600000 +86340000)} else {'0'}}",
  "proxyaddresses": [
    "SMTP:${user.customproperty1}"
  ]
}
09/09/2024 05:41 AM
Can you share the error logs in a text file? Also mention the task ID.
09/10/2024 12:24 AM
Hi,
I have analysed the issue. A few of the user attributes were populated from the manager. But the manager selected did not have those values, so for the user also these values were null. So the technical rule was not satisfied, due to which the task was not getting triggered. Now I have changed the manager to a valid account (having an AD account and all values populated) and the update account policy is getting triggered, but the update account task is not getting triggered.
The Update Account policy
If Users.companyname is updated
OR Users.Manager is updated
OR Users.Org ID is updated
OR Users.Division is updated
OR Users.Title is updated
OR Users.Department Name is updated
Then
(Create Update Account Task [Endpoint: Some Endpoint, Connection: Active Directory ])
Update Account JSON
{
  "manager": "${managerAccount.accountID}",
  "title": "${user.title}",
  "department": "${user.departmentname}",
  "displayname": "${user.displayname}",
  "employeetype": "${user.employeeType}",
  "userPrincipalName": "${user.customproperty1}",
  "sAMAccountName": "${user.customproperty2}",
  "company": "${user.companyname}",
  "accountExpires": "${ if (user.enddate != null){10000*(user.enddate.getTime() + 11644473600000 +86340000)} else {'0'}}"
}
09/10/2024 01:04 AM
@Smitakkhi what is the status of account?
09/10/2024 06:19 AM
Please share logs
09/10/2024 01:24 AM
No account is created.