Click HERE to see how Saviynt Intelligence is transforming the industry.
|
Click HERE to see how Saviynt Intelligence is transforming the industry.
|
Hi team ,
Disable account operation is working from ARS page and account disabled in AD(512) moved to respective OU.
But when I trigger it from userupdate rule ,user is disabled in AD same OU and not moved to LOA OU
DISABLEACCOUNTJSON:
{
"deleteAllGroups":"No",
"userAccountControl":"514",
"moveUsertoOU":"${if (user.customproperty40=='LOA'){'OU=LOA,OU=XX Users,DC=XX,DC=LOCAL'}else if(user.statuskey==0){'OU=Disable Accounts,OU=XX Users,DC=XX,DC=LOCAL'}else{'OU=On Hold User Accounts,OU=XX Users,DC=XX,DC=LOCAL'}}",
"password": "${randomPassword}"
}
Error in pending task:
Logs:
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-New DN to move to OU:: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-DN: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL exists in target
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-***************** Error: All ACCOUNTNAMERULE has been checked and there still duplicate DN exists in target !!!!!!!!!!!!!!!!!!!!
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-Exit validateDNtoOU() with cn= CN=Saviynt Test01
2023-08-18T14:42:56+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-ERROR-Error Disablng the Account from AD -
2023-08-18T14:42:56+05:30-ecm-worker----javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: DSID-031B0DCE, problem 5012 (DIR_ERROR), data 3
No @dgandhi
Getting same error for all accounts
Accounts are getting disabled in same OU not moving to LOA OU.
Pending tasks are still in Queue
