
AD disable account

SumathiSomala
All-Star

Hi team,

The disable account operation is working from the ARS page, and the account is disabled in AD (512) and moved to the respective OU.

But when I trigger it from a user update rule, the user is disabled in AD in the same OU and not moved to the LOA OU.

SumathiSomala_0-1692357668802.png

DISABLEACCOUNTJSON:

{
"deleteAllGroups":"No",
"userAccountControl":"514",
"moveUsertoOU":"${if (user.customproperty40=='LOA'){'OU=LOA,OU=XX Users,DC=XX,DC=LOCAL'}else if(user.statuskey==0){'OU=Disable Accounts,OU=XX Users,DC=XX,DC=LOCAL'}else{'OU=On Hold User Accounts,OU=XX Users,DC=XX,DC=LOCAL'}}",
"password": "${randomPassword}"
}

Error in pending task:

SumathiSomala_1-1692357759561.png

Logs:


2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-New DN to move to OU:: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL

2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-DN: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL exists in target

2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-***************** Error: All ACCOUNTNAMERULE has been checked and there still duplicate DN exists in target !!!!!!!!!!!!!!!!!!!!


2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-Exit validateDNtoOU() with cn= CN=Saviynt Test01

2023-08-18T14:42:56+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-ERROR-Error Disablng the Account from AD -

2023-08-18T14:42:56+05:30-ecm-worker----javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: DSID-031B0DCE, problem 5012 (DIR_ERROR), data 3

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
6 REPLIES

dgandhi
All-Star

Can you modify the condition as below and try?

user.customproperty40?.contains('LOA')

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

Thanks @dgandhi,

Tried, no luck.

SumathiSomala_0-1692374459054.png

Any other inputs?

Regards,
Sumathi Somala

Is the same DN entry present in the target?

Error: All ACCOUNTNAMERULE has been checked and there still duplicate DN exists in target !!!!!!!!!!!!!!!!!!!!

Thanks,
Devang Gandhi

No, @dgandhi.

Getting the same error for all accounts.

SumathiSomala_0-1692375396244.png

Accounts are getting disabled in the same OU, not moving to the LOA OU.

Pending tasks are still in the queue.

Regards,
Sumathi Somala

Any other inputs?

Regards,
Sumathi Somala

SumathiSomala
All-Star

Thanks all, I tried all the suggestions shared. It didn't work. So I have configured a user update rule to disable the account and update the AD account to move the user to the LOA or disable OU.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.
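
A triage helper for the log excerpt in the original post, added here as an example (it is not Saviynt's code and not from any poster in the thread): it groups the worker's lines into one record per move attempt and extracts the target DN and container, the duplicate-DN flag, and the LDAP result code with AD's leading hex error converted to its decimal Win32 value for lookup. The names `attempts` and `parent_of` and the record fields are assumptions; the sample lines are copied from the post.

```python
import re

# Log lines copied from the original post so the example runs offline.
SAMPLE = "\n".join([
    "2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-New DN to move to OU:: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL",
    "2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-DN: CN=Saviynt Test01,OU=LOA,OU=XX Users,DC=XX,DC=LOCAL exists in target",
    "2023-08-18T14:42:55+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-DEBUG-***************** Error: All ACCOUNTNAMERULE has been checked and there still duplicate DN exists in target !!!!!!!!!!!!!!!!!!!!",
    "2023-08-18T14:42:56+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-2-ERROR-Error Disablng the Account from AD -",
    "2023-08-18T14:42:56+05:30-ecm-worker----javax.naming.NamingException: [LDAP: error code 80 - 00002089: UpdErr: DSID-031B0DCE, problem 5012 (DIR_ERROR), data 3",
])

# Timestamp and "ecm-worker" prefix as they appear in the posted lines.
PREFIX = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d\d:\d\d)-ecm-worker-(.*)$")
NEW_DN = re.compile(r"New DN to move to OU::\s*(.+)$")
LDAP_ERR = re.compile(r"LDAP: error code (\d+) - ([0-9A-Fa-f]{8}):.*?problem (\d+) \((\w+)\)")

def parent_of(dn):
    """Return the container part of a DN: everything after the first unescaped comma."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""

def attempts(text):
    """One record per move attempt; an attempt starts at a 'New DN to move to OU::' line."""
    out, cur = [], None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines or lines from other components
        ts, body = m.groups()
        new_dn = NEW_DN.search(body)
        if new_dn:
            dn = new_dn.group(1).strip()
            cur = {"ts": ts, "target_dn": dn, "target_ou": parent_of(dn),
                   "duplicate_dn": False, "ldap_code": None,
                   "win32_code": None, "problem": None}
            out.append(cur)
        elif cur is not None:
            if "duplicate DN exists in target" in body:
                cur["duplicate_dn"] = True
            err = LDAP_ERR.search(body)
            if err:
                cur["ldap_code"] = int(err.group(1))
                cur["win32_code"] = int(err.group(2), 16)  # AD reports this field in hex
                cur["problem"] = f"{err.group(3)} ({err.group(4)})"
    return out

if __name__ == "__main__":
    for record in attempts(SAMPLE):
        print(record)
```

Running it over a full worker log shows, per account, whether the duplicate-DN check fired before the directory returned its error and which container the move was aimed at.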