and more in a single search tool across platforms. Read the announcement here. |
02/15/2023 05:47 AM
Hello,
Is it possible to set the active directory account expires to current date and login denied in the disableaccountjson for the AD connector? Similarly in the enableaccountjson would it be possible to change these to logon permitted and account never expires? If so what would the syntax look like?
Screenshots for reference
02/15/2023 10:42 AM
In order to set the accountexpires as Current date you can use
${Calendar.getInstance().getTime().format('yyyyMMddHHmmss')}Z
For login denied - can you try to pass the value as 0 and
for logon permitted try to pass the value as 1.
02/17/2023 07:25 AM
Hi Sahil,
Was the "Z" in your current date method there a typo? I ask because when I tried it I got the below error.
Disable account JSON looks like the below
{
"userAccountControl": "514",
"description": "",
"accountExpires": "${Calendar.getInstance().getTime().format('yyyyMMddHHmmss')}Z",
"logonHours": "00000000000000000000"
}
02/17/2023 10:02 AM
Apologies for the typo, can you remove the Z and then validate.
02/19/2023 11:05 PM
"accountExpires": "${Calendar.getInstance().getTime().format('yyyyMMddHHmmss')}"
02/21/2023 06:56 AM
So the account expires looks to work but I am getting a completely different date than the current date. See below screenshot. Is there another way to get current date in Saviynt in a way that Active Directory will view it as today's date?
Also, the "logonHours": "00000000000000000000" doesn't seem to work for setting the value to logon denied. Does anyone know the correct way to set this attribute?
02/21/2023 08:42 AM
Ideally the previous shared should have worked but can you try with the format ${(new Date()).format('yyyyMMddHHmmss')}
And for logon hours, please try the value as '0'. Also, do ensure the attribute name for AD you are using is the correct one.
02/22/2023 07:16 AM
The logonHours is the correct name for the attribute in AD. Unfortunately 0 does not work as the value seems to require a Hexadecimal value. I tried "0000000000000000000000" , "000000000000000000000000000000000000000000000000000000000000000000000000", and "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" the base64 string representation as well which did not work.
Not sure what else to try or if anyone else has gotten this to work from Saviynt end.
Getting the below error.
02/22/2023 12:45 PM
I have not used or seen anyone using this field before, unfortunately. But once the account is disabled the logon hours should not even matter as the User will not be able to login.
P.S: I hope the syntax to get the time format worked.
02/23/2023 06:04 AM
The time format is still giving the incorrect date for disabling.
The reason my client wants the logonHours is so that if an account is enabled in Active Directory itself and not from ISIM the user still would not be able to login if login denied is set.
02/27/2023 08:54 AM - edited 02/27/2023 09:01 AM
I checked this and currently setting the value for logonHours is not supported.
Though this functionality is already in the future Road map. The product team would work on it and it would be available in next suitable release.
03/01/2023 08:34 AM
Thanks. Do you have any further details on the proper way to send accountExpires? I saw another thread that didn't get resolved someone trying the below.
"accountExpires": "${(Calendar.getInstance().getTime() + 11644473600000) * 10000 }"
but for me this threw the error
{"log":"groovy.lang.MissingMethodException: No signature of method: java.util.Date.plus() is applicable for argument types: (java.lang.Long) values:
Thanks,
Aundre
03/03/2023 08:12 AM
Can you confirm the app version you are testing on.
03/03/2023 08:28 AM
5.5 SP3
03/03/2023 08:51 AM
is it 3.11 or a lower version or any other.
03/03/2023 08:53 AM
Its 3.16 now, as of this week I believe since the client upgraded. I can't remember what it was before but probably 3.11 or lower when I was testing it.
03/03/2023 09:15 AM
Can you try with this in that case (Z is included)
${Calendar.getInstance().getTime().format('yyyyMMddHHmmss')}Z
${(new Date()).format('yyyyMMddHHmmss')} worked until 3.11 I believe and after that the New keyword was restricted to be used.
Post 3.11, ${Calendar.getInstance().getTime().format('yyyyMMddHHmmss')}Z this worked for me.
03/06/2023 06:19 AM
This still didn't work for me. Error is below.
My json looks like this.
{
"userAccountControl": "514",
"description": "",
"accountExpires": "${Calendar.getInstance().getTime().format('yyyyMMddHHmmss')}Z"
}
04/06/2023 01:04 PM
${Calendar.getInstance().getTime().format('yyyyMMddHHmmss')}Z - this should have worked. In case it did not, can you create a ticket with support team to check further.