Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD disable account with if else condition

Go to solution
SumathiSomala
All-Star
All-Star

‎08/19/2023 02:28 AM

Hi team ,

we have requirement for AD when user account is disabled account should move to different OUs as per condition.

user update rules are getting triggered disable account tasks are created.

when i run wsretry job, pending task is not moving.

but account is getting disabled in  AD.

Move user to OU not working.

 

DISABLEACCOUNTJSON:

{
"deleteAllGroups":"No",
"userAccountControl":"514",
"moveUsertoOU":"${if (user.customproperty40=='LOA'){'OU=LOA,OU=XX Users,DC=XX,DC=LOCAL'}else if(user.statuskey==0){'OU=Disable Accounts,OU=XX Users,DC=XX,DC=LOCAL'}else{'OU=On Hold User Accounts,OU=XX Users,DC=XX,DC=LOCAL'}}",
"password": "${randomPassword}"
}

Error in pending task:

SumathiSomala_0-1692437256212.png

 

Any help would be appreciated

.

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
Labels:
0 Kudos
16 REPLIES 16

Go to solution
pmahalle
All-Star
All-Star

‎08/19/2023 10:46 AM

Hi @SumathiSomala ,

Any reason you are passing password while disabling the account. Can you try removing it?


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star

‎08/19/2023 03:31 PM

LDAP Error Codes Document - https://docs.servicenow.com/en-US/bundle/vancouver-platform-security/page/administer/reference-pages...

LDAP: error code 80 - The password provided by the user did not match any password(s) stored in the user's entry Worker . 

{
"deleteAllGroups":"No",
"userAccountControl":"514",
"moveUsertoOU":"${if(user.customproperty40.equals('LOA')){'OU=LOA,OU=XXXX Users,DC=XXXX,DC=LOCAL'}else if(user.statuskey==0){'OU=Disable Accounts,OU=XXXX Users,DC=XXXX,DC=LOCAL'}else{'OU=On Hold User Accounts,OU=XXXX Users,DC=XXXX,DC=LOCAL'}}"
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star

‎08/19/2023 10:22 PM

Thanks @pmahalle and @rushikeshvartak ,

Tried with and without passing password no luck.

Already we tested only else condition is working as expected.

when if or else if condition true move OU not working and pending tasks are stuck in queue.

SumathiSomala_0-1692508938227.png

Attaching the logs.

Any other inputs?

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
Preview file
9 KB
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/19/2023 11:37 PM 

{
  "deleteAllGroups": "No",
  "userAccountControl": "514",
  "moveUsertoOU": "${if (task?.userKey?.customproperty40=='LOA'){'OU=LOA,OU=XX Users,DC=XX,DC=LOCAL'}else if(task?.userKey?.statusKey==0){'OU=Disable Accounts,OU=XX Users,DC=XX,DC=LOCAL'}else{'OU=On Hold User Accounts,OU=XX Users,DC=XX,DC=LOCAL'}}"
}

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎08/20/2023 12:04 AM

Tried @rushikeshvartak 

No luck .

Account status is changed to 66048 in AD and move OU not working and pending tasks are stuck in queue.

SumathiSomala_0-1692515071652.png

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/20/2023 09:35 AM

Does user have customproperty set ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star

‎08/20/2023 09:30 PM

Yes @rushikeshvartak 

User update rule set  to disable account in AD and then set user customproperty 40 .

Disable account tasks created .

Ran the provisioning job 

User account disabled in AD and Move OU not happening and pending tasks stuck on Q.

Any idea?

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/20/2023 09:33 PM 

"moveUsertoOU":"${if(user.customproperty40.equalsIgnoreCase('LOA')){'OU=LOA,OU=XXXX Users,DC=XXXX,DC=LOCAL'}else if(user.statuskey==0){'OU=Disable Accounts,OU=XXXX Users,DC=XXXX,DC=LOCAL'}else{'OU=On Hold User Accounts,OU=XXXX Users,DC=XXXX,DC=LOCAL'}}"

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎08/20/2023 10:11 PM

Tried @rushikeshvartak ,

No luck this time account is also active in AD.

Also tried with different CP and value

Is there any other configurations/customization required to perfom disable account.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to SumathiSomala

‎08/20/2023 10:34 PM

user.customproperty40.equalsIgnoreCase('LOA')
? 'OU=LOA,OU=XXXX Users,DC=XXXX,DC=LOCAL'
: (user.statuskey == 0
? 'OU=Disable Accounts,OU=XXXX Users,DC=XXXX,DC=LOCAL'
: 'OU=On Hold User Accounts,OU=XXXX Users,DC=XXXX,DC=LOCAL')


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star
In response to rushikeshvartak

‎08/20/2023 11:06 PM

@rushikeshvartak 

can u help with complete JSON

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star

‎08/21/2023 02:04 AM

Tried @rushikeshvartak ,

Still luck.

Will raise fresh desk ticket

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Go to solution
ruqayyah
Saviynt Employee
Saviynt Employee

‎08/21/2023 08:35 AM

@SumathiSomala 

Please try the below  json and let us know if that helps.

ruqayyah_1-1692631924893.png

Regards

Ruqayyah

0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star

‎08/21/2023 08:41 AM

Thanks @ruqayyah 

Already tried not working

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star
In response to SumathiSomala

‎09/05/2023 04:46 AM

Hi team,

Any other inputs ?

still we are unable to perform moveusertoOU

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Go to solution
SumathiSomala
All-Star
All-Star

‎10/16/2023 08:43 AM

Thanks all tried all suggestion shared.it didn't work. So I have configured user update rule to disable the account and update AD account to move user to different OU.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos
Copyright © 2024 Khoros, LLC