Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD disable account with if else conditions

esinam_g
New Contributor
New Contributor

‎03/06/2024 12:09 PM

Hello Guys,

we have requirement for AD when user account is disabled account should move to different OUs as per condition

I set up differents rules as of when the account is disabled when the user to be moved to a specifique OU.

However it doesnt seem to working,Could please take a look at my DISABLEACCOUNTJSON and provide some help

Thank you.

I have also posted my userupdate rule.

 

esinam_g_0-1709755571597.pngesinam_g_1-1709755639809.png

 

{
"deleteAllGroups": "${if (user.customproperty1 == 'Retired' || user.customproperty1 == 'Terminated') {'Yes'} else {'No'}}",
"userAccountControl": "514",
"moveUsertoOU": "${if (user.customproperty1 == 'On Leave' && user.customproperty1Updated && user.customproperty3 == 'J+0') {'OU=Inactifs,OU=xxx,OU=IQ,DC=XXX,DC=XXX'} else if (task?.userKey?.statusKey == 0) {'OU=Disable Accounts,OU=xxx,OU=XXX,DC=XXX,DC=XXX'}}"
}

0 Kudos
6 REPLIES 6

SumathiSomala
All-Star
All-Star

‎03/07/2024 02:33 AM

@esinam_g What error you are getting and share the error logs

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
0 Kudos

Manu269
All-Star
All-Star

‎03/07/2024 08:26 PM

@esinam_g this is 1 sample i can share which I am using :

{
"userAccountControl": "514",
"deleteAllGroups": "No",
"extensionAttribute9": "${ if(user?.customproperty6.equals('Manager')) {'Y'} else {'N'} }",
${
if(user.customproperty38=='1')
'\"description\": \"Disabled by SSM due to LOA\",
\"moveUsertoOU\": \"ou=Disabled Accounts,ou=Special Accounts,DC=corp,DC=MyOrg,DC=net\"'
else if (user.statuskey==0)
'\"description\": \"Disabled by SSM due to employment termination\",
\"moveUsertoOU\": \"ou=Disabled Accounts,ou=Special Accounts,DC=corp,DC=MyOrg,DC=net\",
\"manager\": \"\",
\"extensionAttribute15\": \"1\",
\"extensionAttribute14\": \"'+user.enddate+'\"'
else
'\"description": "Dormant account disabled by SSM due to inactivity\"'
}
}

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

esinam_g
New Contributor
New Contributor
In response to Manu269

‎03/14/2024 12:19 PM

i used this code but i am still getting some error message.I can see where the error is

 

{
"userAccountControl":"514",
${
if ((user.customproperty1=="Terminated") OR (user.customproperty1=="Retired""))
'\"moveUsertoOU\":\"OU=Departs,OU=COMPTES-UTILISATEURS,OU=IQ,DC=xxx,DC=xxx\",\"deleteAllGroups\":\"Yes\"'
} else {
'\"moveUsertoOU\":\"OU=inactifs,OU=COMPTES-UTILISATEURS,OU=IQ,DC=xxx,DC=xxx\",\"deleteAllGroups\":\"No\"'
}
}

 

Here is the error message

Error while Delete operation for account-HWT in AD - Failed to parse template script (your template may contain an error or be trying to use expressions not currently supported): startup failed: SimpleTemplateScript81.groovy: 3: expecting anything but ''\n''; got it anyway @ line 3, column 200. teAllGroups\":\"Yes\"'} else { ^ 1 error Error while Delete operation for account-HWT in AD - Failed to parse template script (your template may contain an error or be trying to use expressions not currently supported): startup failed: SimpleTemplateScript204.groovy: 3: expecting anything but ''\n''; got it anyway @ line 3, column 200. teAllGroups\":\"Yes\"'} else { ^ 1 error

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to esinam_g

‎03/14/2024 08:05 PM

{
"userAccountControl": "514",
"${
if ((user.customproperty1 == "Terminated") || (user.customproperty1 == "Retired"))
{
\"moveUsertoOU\":\"OU=Departs,OU=COMPTES-UTILISATEURS,OU=IQ,DC=xxx,DC=xxx\",
\"deleteAllGroups\":\"Yes\"
}
else
{
\"moveUsertoOU\":\"OU=inactifs,OU=COMPTES-UTILISATEURS,OU=IQ,DC=xxx,DC=xxx\",
\"deleteAllGroups\":\"No\"
}
}"
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

esinam_g
New Contributor
New Contributor
In response to rushikeshvartak

‎03/15/2024 07:13 AM

Iam getting another error after trying the code above.i have also attached the logs.

I am putting here the initial code that just disable the account and move it to a specified OU for the departed users.this code works fine.

Is there any other way to move LOA users to another ou without using the disable pre processing?

{
"deleteAllGroups": "Yes",
"moveUsertoOU": "OU=XXX,OU=COMPTES-UTILISATEURS,OU=XXX,DC=XXX,DC=XXX",
"userAccountControl": "514"
}

 

Preview file
38 KB
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to esinam_g

‎03/17/2024 06:29 PM

Please elaborate use case 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC