
AD account creation task not getting triggered if owner/manager account does not exist in AD

Smitakkhi
New Contributor II

Hi,

I have a query regarding the AD account creation task. I have created a user whose manager's account does not exist in AD. For that user, the AD account creation task is not getting created. Is it due to the manager's account not existing in AD, or might there be other reasons? Is it an expected behaviour? Please note the technical rule condition is getting satisfied.

10 REPLIES

Darshanjain
Saviynt Employee

Hi @Smitakkhi 

Are you saying the task is not getting created, or that the task is created but provisioning is not happening?

Task getting created in Saviynt is nowhere dependent on checking the AD attributes; it is completely internal to Saviynt. So please check the logs while the rule is run to see why the task is not created.

Thanks
Darshan

indra_hema_95
Regular Contributor III

Hi @Smitakkhi, in our case we have observed that without a manager, provisioning won't work. So as far as I know, the manager account has to be there; otherwise it will fail.

Regards,

Indra

NM
Honored Contributor II

Hi @Smitakkhi, it isn't dependent on the manager having an AD account. The task will still be created; provisioning might fail.

rushikeshvartak
All-Star
  • Please share create account JSON

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi,

I also have the same understanding that the provisioning task should be created but will fail on the AD side. But here the task itself is not getting created. Please find my create account JSON below:

{
"co": "${user.country}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeeType": "${user.employeeType}",
"givenName": "${user.firstname}",
"l": "${user.city}",
"mail": "${user.email}",
"name": "${user.displayname}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"physicalDeliveryOfficeName": "${user.location}",
"manager": "${managerAccount.accountID}",
"pwdLastSet": "0",
"sAMAccountName": "${user.customproperty2}",
"sn": "${user.lastname}",
"streetAddress": "${user.street}",
"title": "${user.title}",
"extensionAttribute11": "Personal",
"c": "${user.customproperty3}",
"company": "${user.companyname}",
"countryCode": "${user.customproperty14}",
"division": "${user.customproperty6}",
"msDS-cloudExtensionAttribute1": "${user.customproperty7}",
"msDS-cloudExtensionAttribute2": "${user.customproperty8}",
"msDS-cloudExtensionAttribute3": "GBU99",
"flags": "1",
"userPrincipalName": "${user.customproperty1}",
"employeeID": "${user.employeeid}",
"accountExpires": "${ if (user.enddate != null){10000*(user.enddate.getTime() + 11644473600000 +86340000)} else {'0'}}",
"proxyaddresses": [
"SMTP:${user.customproperty1}"
]
}

Can you share the error logs in a text file? Also mention the task ID.


Regards,
Rushikesh Vartak

Hi,

I have analysed the issue. A few of the user attributes were populated from the manager, but the manager selected did not have those values, so for the user these values were also null. So the technical rule was not satisfied, due to which the task was not getting triggered. Now I have changed the manager to a valid account (having an AD account and all values populated), and the update account policy is getting triggered, but the update account task is not getting triggered.

The Update Account policy

Users.companyname is updated
OR Users.Manager is updated
OR Users.Org ID is updated
OR Users.Division is updated
OR Users.Title is updated
OR Users.Department Name is updated
Then
(Create Update Account Task [Endpoint: Some Endpoint, Connection: Active Directory])

Update Account JSON

{
"manager": "${managerAccount.accountID}",
"title": "${user.title}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeetype": "${user.employeeType}",
"userPrincipalName": "${user.customproperty1}",
"sAMAccountName": "${user.customproperty2}",
"company": "${user.companyname}",
"accountExpires": "${ if (user.enddate != null){10000*(user.enddate.getTime() + 11644473600000 +86340000)} else {'0'}}"
}
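
An added example, not part of the thread and not Saviynt code: a stand-alone Python pre-flight check that lists which plain `${user.*}` and `${managerAccount.*}` bindings in a provisioning template would come out empty for a given user, together with the `accountExpires` arithmetic from the template and its decoding. The dict-based user and manager records, the function names and the sample values are assumptions; the script does not call Saviynt or evaluate Groovy.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Plain bindings only (${user.title}); Groovy expressions such as the
# accountExpires "${ if (...) }" block do not match and are skipped.
BINDING = re.compile(r"\$\{\s*(user|managerAccount)\.(\w+)\s*\}")
EPOCH_DIFF_MS = 11644473600000  # ms between 1601-01-01 and 1970-01-01
END_OF_DAY_MS = 86340000        # 23 h 59 min, as in the thread's template

def unresolved_bindings(template, user, manager_account):
    """Map AD attribute -> binding for every plain binding that is null/empty."""
    objects = {"user": user or {}, "managerAccount": manager_account or {}}
    missing = {}
    for attr, value in json.loads(template).items():
        for item in value if isinstance(value, list) else [value]:
            for m in BINDING.finditer(str(item)):
                if objects[m.group(1)].get(m.group(2)) in (None, ""):
                    missing[attr] = m.group(0)
    return missing

def account_expires(enddate_ms):
    """Same arithmetic as the template: 100 ns ticks since 1601, or '0'."""
    if enddate_ms is None:
        return "0"
    return str(10000 * (enddate_ms + EPOCH_DIFF_MS + END_OF_DAY_MS))

def filetime_to_utc(ticks):
    """Decode an AD accountExpires value back to a UTC datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=int(ticks) // 10)

# Constructed sample: a subset of the thread's template and a made-up user
# whose manager has no AD account (manager_account is None).
TEMPLATE = """{
  "manager": "${managerAccount.accountID}",
  "title": "${user.title}",
  "company": "${user.companyname}",
  "proxyaddresses": ["SMTP:${user.customproperty1}"]
}"""
USER = {"title": "Analyst", "companyname": None, "customproperty1": "a.user@example.com"}

if __name__ == "__main__":
    print(unresolved_bindings(TEMPLATE, USER, None))
    ticks = account_expires(1735689600000)  # 2025-01-01T00:00:00Z in epoch ms
    print(ticks, filetime_to_utc(ticks))
```
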

 

NM
Honored Contributor II

@Smitakkhi, what is the status of the account?

Please share logs


Regards,
Rushikesh Vartak

Smitakkhi
New Contributor II

No account is created.