Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

AD disablementJSON with logic

navneetv
Regular Contributor II
Regular Contributor II

Hi Team, we would like to implement a logic to disable JSON in the active directory, where it checks before proceeding. However, it seems that the logic(below highlighted) is not functioning properly.

The highlighted logic mentioned below is working perfectly with "Update account json".



{
"accountExpires": "0",
"manager": "${if(user.statuskey.equals('0')){null}}",
"moveUsertoOU": "${if(user.customproperty40.equals('1') && user.statuskey.equals('0')){'OU=IT_TEST,DC=IT,DC=xyz,DC=com'}}",
"userAccountControl": "514"
}

Not sure what I am doing wrong here. Could you please check and suggest?

Thanks in advance.

 

9 REPLIES 9

Saathvik
All-Star
All-Star

@navneetv : How are you triggering disable on account is it through request process or user update rules? Also what is the error you are seeing in logs?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

rushikeshvartak
All-Star
All-Star

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

navneetv
Regular Contributor II
Regular Contributor II

@Saathvik @rushikeshvartak   

The task was successfully completed without any errors. However, upon checking the AD end system, I noticed that the user was not moved to the OU=IT_TEST,DC=IT,DC=xyz,DC=com despite meeting all the conditions mentioned above.

Our objective is to remove the manager from the AD account only when statuskey=0 and move the account to the test OU if the following conditions are met: user.customproperty40.equals('1') and user.statuskey.equals('0').

if I use the same condition to update Account json.the user moves to the "test OU" which means condition is working in updateAccountjson

 

 

How task was generated ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

navneetv
Regular Contributor II
Regular Contributor II

@Saathvik we are proceeding the disablement through the user update rule

navneetv
Regular Contributor II
Regular Contributor II

@rushikeshvartak

Yes, the disabled account task was generated and it proceeded successfully. However, when I checked in AD, the user was not moved.

I also tried disabling the AD account from the active profile and the manager was removed for active profile too, which should not have been. AS the logic is "statuskey=0".

what if you don't define logic ? does it work ?

"moveUsertoOU": "OU=IT_TEST,DC=IT,DC=xyz,DC=com",


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

navneetv
Regular Contributor II
Regular Contributor II

@rushikeshvartak @Saathvik I have figured it out and now the user is being moved to OU  with the below express. condition doesn't match user doesn't move. 

"moveUsertoOU": "${if((user?.customproperty40.equals('1') &(user?.statuskey==0))){'OU=IT_TEST,DC=IT,DC=xyz,DC=com'}}",

 

but still, I am not sure what I am doing wrong for a manager attribute. if the statuskey is 0 then manager name should be removed from the manager attribute and if statuskey is 1 then manager name should not removed from AD account. 

i tested with all way and manager's name is being removed from the account even if the statuskey is 1 

"manager": "${if(user?.statuskey==0){'[]'}}",

please suggest

"manager": "${user?.statuskey == 0 ? '[]' : user?.manager}"
 

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.