Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

AD accounts ending in "-da" failing to update

New Contributor III
New Contributor III


We use secondary privileged accounts for domain admins. The task to update the primary account such as jdoe is successful, but when I create an update account task for jdoe-da, i get the error message below.


SAV-Error while updating account,Could not find a unique saMAccountName to provision SAV-Error while updating account,Could not find a unique saMAccountName to provision
This happens with all "-da" accounts, not just this account. The account does exist in the endpoint accounts tab and directly in AD.
Additional log info:
2023-09-08 15:31:35,569 [quartzScheduler_Worker-5] DEBUG services.ArsTaskService - Validating tasks for Securitysystem - Prod AD
2023-09-08 15:31:35,571 [quartzScheduler_Worker-5] DEBUG services.ArsTaskService - includeinactiveusersandacc = false
2023-09-08 15:31:35,576 [quartzScheduler_Worker-5] DEBUG services.ArsTaskService - Key has Accounts
2023-09-08 15:31:35,579 [quartzScheduler_Worker-5] DEBUG services.ArsTaskService - accountName = jdoe-da , taskType = 12 accountkey = 62534323

2023-09-08 15:31:40,926 [quartzScheduler_Worker-5] DEBUG ldap.SaviyntGroovyLdapService - UpdateAccount - Binding map is..[ServiceAccountOwnerMap:[:],task:com.saviynt.ecm.task.ArsTasks : 7821024,manager:327626,user:377631,account:jdoe-da,managerAccount:OKana,]
2023-09-08 15:31:40,926 [quartzScheduler_Worker-5] DEBUG ldap.SaviyntGroovyLdapService - Enter isADConnection
2023-09-08 15:31:40,926 [quartzScheduler_Worker-5] DEBUG ldap.SaviyntGroovyLdapService - External connection is :: Prod AD
2023-09-08 15:31:40,927 [quartzScheduler_Worker-5] DEBUG ldap.SaviyntGroovyLdapService - isadconnection = true
2023-09-08 15:31:40,927 [quartzScheduler_Worker-5] DEBUG ldap.SaviyntGroovyLdapService - Exit isADConnection

Saviynt Employee
Saviynt Employee

Hi @ZA 

Can you paste the log lines when there is error when its trying to find the samaccountname. Also this looks more of issue than a new implementation. You can raise a FD ticket as well on this so that we can check around the logs and see whats the issue around.

Also these accounts ( -da ) were created from saviynt or only pulled via target. Also check on the domain ( OU ), it looks like with accountname its not finding any account in target.