Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/19/2024 08:24 AM
Hi,
We have a requirement that we need to remove all groups and add a new group while disabling the account at AD.
we are using below disable account JSON to achieve the above use case.
{
"objects": [
{
"objectClasses": [
"user"
],
"moveObjectToOU": "CN=Users,DC=saviyntlabs,DC=org",
"deleteAllGroups": "Yes",
"accountExpires": "${user.enddate!=null?(10000*(user.enddate.getTime()+3888000000+11644473600000)):(10000*(user.termDate.getTime()+3888000000+11644473600000))}",
"extensionAttribute2": "Term",
"msExchHideFromAddressLists": "TRUE",
"groupExclusionListOnRemoval": [
"CN=UniversalDistGroupIAMT,CN=Users,DC=saviyntadmin,DC=com"
],
"attributes": {
"userAccountControl": 514
}
}
]
}
The Disable account task is getting created and completed successfully at Saviynt and I can see the account status is also manually suspended but the entitlements removal and addition in Saviynt is not working as expected and also neither the account is not getting disabled nor moving to the specified OU at AD level.
Can someone help me here
Regards,
KP
06/19/2024 09:11 AM
Hi @KP18 , are you trying to add the group from analytics? As disable account won't have anything related to entitlement.
06/19/2024 10:10 AM
Hi @NM ,
Actually, based on the enddate we are provisioning a group to the account before it gets disbaled and then we are triggering Disable account task by keeping the above mentioned JSON. As per the JSON, Saviynt has to remove all the other groups except the group mentioned inside "groupExclusionListOnRemoval". As of now Svaiynt is Disabling the account but it is not removing any of the group and aslo the account is not actually getting disabled at AD.
Regards,
KP
06/19/2024 11:41 AM
Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .
‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️
06/19/2024 12:55 PM
Hi @KP18 can you remove uac from attribute and just pass it without that?
06/20/2024 09:12 PM
Hi @KP18 , did it work?