Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/26/2024 04:35 AM
The New account and add access tasks for AD application getting created with username instead of user first and last name and the configuration is working for update account and remove or disable account tasks the account name is getting populated with user first name and last name in pending tasks account column. Issue is only with new and add access tasks for AD and whenever they are getting provisioned encountering an error - Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-03153438, #1: 0: 000020B5: DSID-03153438, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)
We are seeing the same error for the New Account, Add Access, and Update Account tasks when they got provisioned.
09/26/2024 04:52 AM
Hi @Pranav what is your account name rule ?
09/26/2024 09:06 AM - edited 09/26/2024 07:40 PM
Hi @NM Please find attached account name rule.
${if (user.employeeType.equals('Employee')) { 'CN='+user.displayname+',OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+'),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.city+'),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')1,OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')2,OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com' } else if(user.employeeType.equals('Contractor')) { 'CN='+user.displayname+' (Contractor),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+') (Contractor),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.city+') (Contractor),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')1 (Contractor),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')2 (Contractor),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com' } else if(user.employeeType.equals('Consultant')) { 'CN='+user.displayname+' ('+user.companyname+'),OU=External Accounts,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')'+' ('+user.companyname+'),OU=External Accounts,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.city+')'+' ('+user.companyname+'),OU=External Accounts,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')1'+' ('+user.companyname+'),OU=External Accounts,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')2'+' ('+user.companyname+'),OU=External Accounts,DC=ABCD,DC=com' } else if(user.employeeType.equals('CanadianEmployee')) { 'CN='+user.displayname+',OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+'),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.city+'),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')1,OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')2,OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com' } else if(user.employeeType.equals('TempEmployee')) { 'CN='+user.displayname+' (Temp),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+') (Temp),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.city+') (Temp),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')1 (Temp),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')2 (Temp),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com' } else { 'CN='+user.displayname+',OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+'),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.city+'),OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')1,OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'+'###'+'CN='+user.displayname+' ('+user.state+')2,OU=Users,OU='+user.customproperty16+',OU=Sites,DC=ABCD,DC=com'}}
09/26/2024 09:23 AM
can you share logs when tasks are creating and wsretry execution in 2 different file
09/26/2024 11:42 AM - last edited on 09/26/2024 11:04 PM by Sunil
[This message has been edited by moderator to mask sensitive information]
09/26/2024 11:43 AM
Which task/user needs to be checked ?
09/26/2024 11:53 AM
09/26/2024 10:34 AM
@Pranav looks fine ..can you also share create account json?
09/26/2024 07:43 PM
{
"department": "${if(user.costcenter!=null){user.costcenter + ' - ' + user.departmentname}else{user.departmentname}}",
"displayname": "${displayname}",
"manager": "${if(user.manager!=null){managerAccount?.accountID} else {''}}",
"initials": "${if(user.middlename!=null){user.middlename.substring(0,Math.min(user.middlename.length(),5))}else{''}}",
"userPrincipalName": "${userPrincipalName}",
"employeeID": "${user.username}",
"employeetype": "${user.customproperty8}",
"givenName": "${user.firstname.substring(0, 1).toUpperCase() + user.firstname.substring(1)}",
"mail": "${mail}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"physicaldeliveryofficename": "${user.location}",
"extensionAttribute6": "${user.statuskey}",
"name": "${user.displayname}",
"sAMAccountName": "${sAMAccountName}",
"company": "${(user.entity!=null) ? user.entity +' - '+user.companyname : user.companyname}",
"st": "${user.customproperty16}",
"streetAddress": "${user.street}",
"description": "${(user.employeeType == 'TempEmployee' && user.title!=null) ? user.title + ' (Temp)' : (user.employeeType == 'TempEmployee' && user.title == null) ? '(Temp)' : user.title}",
"title": "${user.title}",
"l": "${user.city}",
"postalCode": "${user.customproperty10}",
"homeDirectory": "${user.customproperty60}",
"telephoneNumber": "${user.phonenumber}",
"mobile": "${user.secondaryPhone}",
"adminDescription": "Updated by Saviynt",
"adminDisplayName": "${user.username}",
"pwdLastSet": "0",
"businessCategory": "${user.customproperty12}",
"division": "${user.region}",
"sn": "${user.lastname.substring(0, 1).toUpperCase() + user.lastname.substring(1)}",
"accountExpires":"${ if (user.enddate != null && user.enddate != ''){10000*(user?.enddate.getTime() + 11644473600000 + 100799999 + 3636000)} else {9223372036854775807}}"
}
09/26/2024 09:18 PM
@Pranav are you currently storing DN in account id?