
AD account not getting Disabled

KP18
New Contributor

Hi,

We have a requirement that we need to remove all groups and add a new group while disabling the account at AD.

We are using the below disable account JSON to achieve the above use case.

{
  "objects": [
    {
      "objectClasses": [
        "user"
      ],
      "moveObjectToOU": "CN=Users,DC=saviyntlabs,DC=org",
      "deleteAllGroups": "Yes",
      "accountExpires": "${user.enddate!=null?(10000*(user.enddate.getTime()+3888000000+11644473600000)):(10000*(user.termDate.getTime()+3888000000+11644473600000))}",
      "extensionAttribute2": "Term",
      "msExchHideFromAddressLists": "TRUE",
      "groupExclusionListOnRemoval": [
        "CN=UniversalDistGroupIAMT,CN=Users,DC=saviyntadmin,DC=com"
      ],
      "attributes": {
        "userAccountControl": 514
      }
    }
  ]
}

 

The Disable account task is getting created and completed successfully at Saviynt, and I can see the account status is also manually suspended, but the entitlement removal and addition in Saviynt is not working as expected, and the account is neither getting disabled nor moving to the specified OU at the AD level.

Can someone help me here?

Regards,

KP
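An added example, not part of the original post or of Saviynt's code: a Python check that compares what AD actually holds for the account against what the disable JSON above asks for (disabled bit, target OU, `accountExpires` of end date plus 45 days, group removal). It assumes the account's attributes have already been read from AD into a dict by any LDAP tool and that the end date is known in UTC; the function names and the sample account and group are constructed.

```python
import re
from datetime import datetime, timezone

EPOCH_DIFF_MS = 11644473600000  # ms from 1601-01-01 to 1970-01-01 (constant in the post's expression)
GRACE_MS = 3888000000           # 45 days in ms (constant in the post's expression)
ACCOUNTDISABLE = 0x2            # 514 = 512 (NORMAL_ACCOUNT) | 2 (ACCOUNTDISABLE)
NEVER = {0, 0x7FFFFFFFFFFFFFFF} # AD values meaning "never expires"

def expected_account_expires(end: datetime) -> int:
    """Mirror the post's expression: 100 ns ticks since 1601 for end date + 45 days."""
    return 10000 * (int(end.timestamp() * 1000) + GRACE_MS + EPOCH_DIFF_MS)

def filetime_to_datetime(ticks: int) -> datetime:
    """Decode an AD FILETIME value back to a UTC datetime for readable findings."""
    return datetime.fromtimestamp((ticks // 10000 - EPOCH_DIFF_MS) / 1000, tz=timezone.utc)

def parent_dn(dn: str) -> str:
    """Container of an object: everything after the first unescaped comma."""
    return re.split(r"(?<!\\),", dn, maxsplit=1)[1]

def check_disable(entry: dict, end: datetime, target_ou: str, keep_groups: list) -> list:
    """Return a list of findings; an empty list means AD matches the disable JSON."""
    findings = []
    if not int(entry["userAccountControl"]) & ACCOUNTDISABLE:
        findings.append("account still enabled (ACCOUNTDISABLE bit not set)")
    if parent_dn(entry["distinguishedName"]).lower() != target_ou.lower():
        findings.append("object not moved to " + target_ou)
    actual, want = int(entry["accountExpires"]), expected_account_expires(end)
    if actual != want:
        shown = "never" if actual in NEVER else filetime_to_datetime(actual).isoformat()
        findings.append(f"accountExpires is {shown}, expected {filetime_to_datetime(want).isoformat()}")
    keep = {g.lower() for g in keep_groups}
    for group in entry.get("memberOf", []):
        if group.lower() not in keep:
            findings.append("group not removed: " + group)
    return findings

# Values taken from the post's JSON.
TARGET_OU = "CN=Users,DC=saviyntlabs,DC=org"
KEEP = ["CN=UniversalDistGroupIAMT,CN=Users,DC=saviyntadmin,DC=com"]
# Constructed sample: an account AD never changed, matching the symptom in the post.
END = datetime(2024, 1, 1, tzinfo=timezone.utc)
UNCHANGED = {"distinguishedName": "CN=Test User,OU=Staff,DC=saviyntlabs,DC=org",
             "userAccountControl": "512", "accountExpires": "9223372036854775807",
             "memberOf": KEEP + ["CN=VPN-Users,OU=Groups,DC=saviyntlabs,DC=org"]}

if __name__ == "__main__":
    for finding in check_disable(UNCHANGED, END, TARGET_OU, KEEP):
        print(finding)
```

Running the check against the live attributes after the task completes shows which parts of the JSON reached AD, independent of the task status shown in Saviynt.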

 


NM
Valued Contributor II

Hi @KP18, are you trying to add the group from analytics? As disable account won't have anything related to entitlement.

KP18
New Contributor

Hi @NM,

Actually, based on the enddate we are provisioning a group to the account before it gets disabled, and then we are triggering the Disable account task by keeping the above-mentioned JSON. As per the JSON, Saviynt has to remove all the other groups except the group mentioned inside "groupExclusionListOnRemoval". As of now Saviynt is disabling the account, but it is not removing any of the groups, and also the account is not actually getting disabled at AD.

Regards,

KP

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues.



‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️


Regards,
Rushikesh Vartak

NM
Valued Contributor II

Hi @KP18, can you remove uac from attribute and just pass it without that?

NM
Valued Contributor II

Hi @KP18, did it work?