Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD account status not changing to 'Suspended from Import Service' after deleted on Windows AD

SuetYie
New Contributor II
New Contributor II

‎02/05/2024 02:23 AM

Hi All, 

 

We encountered an issue when reconciliating the AD account status on Saviynt. Due to some reason, few AD accounts were deleted manually on Windows ActiveDirectory and after running the AD account import job on Saviynt, accounts status remain 'Inactive' instead of changing to 'Suspended from Import Service'. 

 

AD accounts that were deleted through Saviynt tasks are showing correct status ('Suspended from Import Service'), only those that were deleted manually on Windows ActiveDirectory are having the status issue, verified that they have been completely removed on Windows ActiveDirectory. 

 

We have checked the log file and those AD accounts that were deleted manually on Microsoft ActiveDirectory does not exist during account import. Based on Saviynt document, account status should change to 'Suspended from Import Service'. Searching for Accounts (saviyntcloud.com)

SuetYie_1-1707127602118.png

 

Any advice on the matter is greatly appreciated. 

 

Thanks, 

Suet Yie 

Labels:
0 Kudos
7 REPLIES 7

Raghu
All-Star
All-Star

‎02/05/2024 06:29 AM

Hi @SuetYie ,

May i know the your AD connector STATUS_THRESHOLD_CONFIG- ? everything okay means ? go with CQ query after manually suspended or inactive - add condition update the status 'suspended from import'

already account info deleted in target system (Ad) we can update manually update status.

 

Thanks,
Raghu
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

SuetYie
New Contributor II
New Contributor II
In response to Raghu

‎02/05/2024 06:31 PM

Hi Raghu,

Please find below the STATUS_THRESHOLD_CONFIG, based on our understanding on the config it seems to be correct, other accounts status are showing expected result. 

{ 
"statusAndThresholdConfig": { 
"statusColumn":"customproperty30", 
"activeStatus":["512","544","66048"], 
"deleteLinks":true, 
"accountThresholdValue": 20000,
"correlateInactiveAccounts": true, 
"inactivateAccountsNotInFile": false
} 
}


May I know what could possibly be the cause of preventing account status changing to 'suspended from import service' even tho the account has been deleted on AD and does not exist during the account import? We would like find the root cause instead of changing the accounts status manually.

Thanks,
Suet Yie

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SuetYie

‎02/05/2024 06:49 PM

  • What is value of accounts in cp30 for those accounts ?
  • and how much is mismatch ?
  • Did you perform mannual cleanup in past ? 

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

SuetYie
New Contributor II
New Contributor II
In response to rushikeshvartak

‎02/06/2024 12:17 AM

Hi @rushikeshvartak , 

Please find my comments as below, 

  • CustomProperty30 is the userAccountControl. 
  • We notice that as long as the account is deleted on AD then status will not be updated to 'suspended from import service' on Saviynt. Currently there are more than 50 accounts having this issue. 
  • May I know how is this relate to the AD accounts that are not changing to 'suspended from import service' after deleted on AD? 

Thanks, 

Suet Yie

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to SuetYie

‎02/06/2024 08:51 PM

If you have changed account status manually in past then it cause data issue.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Bwagne
New Contributor III
New Contributor III

‎02/05/2024 04:04 PM

I have the exact same issue with one particular account.  The account was deleted in AD and I expect it to switch to Suspended from Import and it is stuck at Manually Suspended

0 Kudos

Raghu
All-Star
All-Star

‎02/06/2024 11:06 PM

@SuetYie  - we are facing same issue our system, but Saviynt team not given any solution eod .alternative approach we can do manually ,anyway target system in data deleted.

if still checking with same account exiting person not able send new request also bez it is manually suspended.

Thanks,
Raghu
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos
Copyright © 2024 Khoros, LLC