10/03/2024 05:44 AM - edited 10/03/2024 05:45 AM
Hi all,
We are using a basic CreateAccountJSON for AD provisioning, but we are getting this error: Error while creating account in AD - [LDAP: error code 68 - 00000524: UpdErr: DSID-031A11F8, problem 6005 (ENTRY_EXISTS), data 0 ]
I have also checked, but I don't see the user in AD.
Below is the CREATEACCOUNTJSON code:
{
"cn": "${cn}",
"givenName": "${user?.firstname}",
"sn": "${user?.lastname}",
"displayname": "${user?.displayname}",
"sAMAccountName": "${task?.accountName}",
"userprincipalname": "${user?.email.toString().toLowerCase()}",
"objectClass": ["top", "person", "organizationalPerson", "user"]
}
10/03/2024 06:04 AM
Which attribute did you consider to check whether the user is present in AD or not? Check with the DN as well as userprincipalname.
10/03/2024 06:12 AM
We checked with both, userprincipalname and common name.
10/03/2024 06:15 AM
Make sure the email id you are using for the user to be created is not assigned to any other user in userprincipalname and is also not present in proxyaddress.
Check the proxyaddress of all the existing users to see whether the email id already exists or not.
10/03/2024 06:11 AM
@kavitakamtekar4 as suggested by @pmahalle, check the attributes and also whether the sam account name exists or not.
10/03/2024 06:22 AM
Can you also validate the accountname rule?
10/03/2024 06:33 AM
@kavitakamtekar4
Make sure you check that the Accountnamerule and Checkforunique have the validation to not allow duplicate values.
The system will check for this and create a unique UPN and CN. AD-v24
Specify the rules to generate the DN for the account for provisioning separated by ### in the ACCOUNTNAMERULE parameter. This parameter is evaluated while creating an account and update of any attribute-driven name rule and OU movements for an account.
To create accounts using the first name and last name, define the rule in the following formats:
Example 1:
CN=${user.lastname}\\, ${user.firstname} (Global-V) [${user.username}],CN=Users,DC=abccompany,DC=com###CN=${user.lastname}1\\, ${user.firstname}1 (Global-V) [${user.username}1],CN=Users,DC=abccompany,DC=com###CN=${user.lastname}\\, ${user.firstname} (Global-V) [${user.username}2],CN=Users,DC=abccompany,DC=com
To evaluate the uniqueness of an attribute in the Active Directory domain before it is provisioned, specify the CHECKFORUNIQUE parameter.
The attribute is evaluated for all provisioning operations and the associated changes are made to it to make it unique. To use this parameter, specify the attributes that you want to check in Active Directory for the unique constraint of rules separated by ###.
Example:
{
"userPrincipalName": "${user.firstname}.${user.lastname}@<specify company name>.com###${user.firstname}.${user.lastname}1@<specify company name>.com",
"cn": "${user.lastname}, ${user.firstname} (Global-V) [${user.username}]###${user.lastname}, ${user.firstname} (Global-V) [${user.username}1]",
"name": "${user.username}###${user.username}1###${user.username}2###${user.username}3"
}
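
The checks suggested in the replies above (DN/CN, userprincipalname, proxyaddress, sAMAccountName), as an added example that is not part of the thread or Saviynt's own code: it builds one escaped LDAP filter covering all four attributes and reports which entry in a constructed sample directory already holds a wanted value. The function names, the example.com domain and the sample entries are assumptions made for illustration.

```python
# Added example: find which existing entry collides with a new AD account.
# All directory entries and account values below are constructed sample data.

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def wanted_values(sam, upn, cn):
    """Attribute/value pairs the new account would claim (hypothetical helper)."""
    return [('sAMAccountName', sam), ('userPrincipalName', upn),
            ('proxyAddresses', 'smtp:' + upn), ('cn', cn)]

def conflict_filter(sam, upn, cn):
    """One OR filter that returns any entry holding one of the wanted values."""
    clauses = ''.join('(%s=%s)' % (attr, escape_filter_value(val))
                      for attr, val in wanted_values(sam, upn, cn))
    return '(|' + clauses + ')'

def find_conflicts(entries, sam, upn, cn):
    """Return (dn, attribute) for each entry that already holds a wanted value.
    Values are compared case-insensitively in this local check."""
    hits = []
    for entry in entries:
        for attr, val in wanted_values(sam, upn, cn):
            held = entry.get(attr, [])
            held = [held] if isinstance(held, str) else held
            if any(h.lower() == val.lower() for h in held):
                hits.append((entry['dn'], attr))
    return hits

# Constructed directory: one old account parked in another OU, and one
# mailbox that carries the new user's address as a secondary proxy address.
SAMPLE_DIRECTORY = [
    {'dn': 'CN=Doe\\, Jane (Global-V) [jdoe],OU=Disabled,DC=example,DC=com',
     'cn': 'Doe, Jane (Global-V) [jdoe]', 'sAMAccountName': 'jdoe',
     'userPrincipalName': 'jdoe.old@example.com',
     'proxyAddresses': ['SMTP:jdoe.old@example.com']},
    {'dn': 'CN=Shared Mailbox,CN=Users,DC=example,DC=com',
     'cn': 'Shared Mailbox', 'sAMAccountName': 'sharedmbx',
     'userPrincipalName': 'sharedmbx@example.com',
     'proxyAddresses': ['SMTP:sharedmbx@example.com', 'smtp:jane.doe@example.com']},
]
NEW_ACCOUNT = ('jdoe', 'jane.doe@example.com', 'Doe, Jane (Global-V) [jdoe]')

if __name__ == '__main__':
    print(conflict_filter(*NEW_ACCOUNT))
    for dn, attr in find_conflicts(SAMPLE_DIRECTORY, *NEW_ACCOUNT):
        print('conflict on %s: %s' % (attr, dn))
```

Run the resulting filter as a subtree search from the domain root, so that an entry sitting in a different OU from the one you browsed is still returned.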