I am having couple of questions on the best practices/mandatory steps to be followed whenever we need to change the password for a Service account in AD and related endpoints:that is primarily used to create,disable and remove accounts etc.
1) I am aware,we would need to update all the respective connections which uses that service account ,ensure that the connection is saved and tested and then we can obviously monitor to see if the provisioning of new accounts are happening correctly/deprovisioning. Are there any other places when this new password to be updated? .
Recently,we observed that the account status shows up as Inactive in Saviynt even though it is pretty much active in AD and testing the AD connection shows successful ,despite the account status "inactive" which is misleading
We are seeing new accounts getting created,add access tasks are getting failed intermittently with LDAP error codes( few were getting failed with BAD_NAME and majority of them due to LDAP error 53
We are changing the password of this service account for the first time after our GO-LIVE.
Solved! Go to Solution.
We need to update the service account credentials in the connection and then do a test connection to verify the same.
But if you are facing issues of task/import failure please raise a support ticket for details.
Also verify from your end that new service has same permission/rights/grants/access as the previous successful working service account.