Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/18/2023 04:27 AM
Hi team ,
Disable account operation is working from ARS page and account disabled in AD(512) moved to respective OU.
But when I trigger it from userupdate rule ,user is disabled in AD same OU and not moved to LOA OU
DISABLEACCOUNTJSON:
{
"deleteAllGroups":"No",
"userAccountControl":"514",
"moveUsertoOU":"${if (user.customproperty40=='LOA'){'OU=LOA,OU=XX Users,DC=XX,DC=LOCAL'}else if(user.statuskey==0){'OU=Disable Accounts,OU=XX Users,DC=XX,DC=LOCAL'}else{'OU=On Hold User Accounts,OU=XX Users,DC=XX,DC=LOCAL'}}",
"password": "${randomPassword}"
}
Error in pending task:
Logs:
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-New DN to move to OU:: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-DN: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL exists in target
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-***************** Error: All ACCOUNTNAMERULE has been checked and there still duplicate DN exists in target !!!!!!!!!!!!!!!!!!!!
2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-Exit validateDNtoOU() with cn= CN=Saviynt Test01
2023-08-18T14:42:56+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-ERROR-Error Disablng the Account from AD -
2023-08-18T14:42:56+05:30-ecm-worker----javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: DSID-031B0DCE, problem 5012 (DIR_ERROR), data 3
Solved! Go to Solution.
08/18/2023 08:46 AM
Can you add modify below condition and try?
user.customproperty40?.contains('LOA')
Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
08/18/2023 09:01 AM
Thank @dgandhi ,
tried ,no luck
Any other inputs?
08/18/2023 09:06 AM
Is there same DN entry present in the target?
Error: All ACCOUNTNAMERULE has been checked and there still duplicate DN exists in target !!!!!!!!!!!!!!!!!!!!
Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
08/18/2023 09:17 AM - edited 08/18/2023 09:18 AM
No @dgandhi
Getting same error for all accounts
Accounts are getting disabled in same OU not moving to LOA OU.
Pending tasks are still in Queue
08/20/2023 09:31 PM
Any other inputs?
10/16/2023 08:40 AM
Thanks all tried all suggestion shared.it didn't work. So I have configured user update rule to disable the account and update AD account to move user to LOA or disable OU.