Click HERE to see how Saviynt Intelligence is transforming the industry. |
12/21/2023 12:42 AM
We are using a JSON similar to below, in the REMOVEACCOUNTACTION in AD and the expected result is that the AD account gets moved to the OU specified and all the groups removed from the AD account apart from the group mentioned in the exclusion list.
{
"objects": [
{
"objectClasses": [
"user"
],
"distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
"moveObjectToOU": "CN=Users,DC=saviyntlabs,DC=org",
"password": "${password}",
"deleteAllGroups": true,
"groupExclusionListOnRemoval": [
"CN=UniversalDistGroupIAMT,CN=Users,DC=saviyntadmin,DC=com",
"CN=UniversalDistGroupIAMT2,CN=Users,DC=saviyntadmin,DC=com"
],
"attributes": {
"userAccountControl": 514
}
}
]
}
This configuration is not working as expected and AD account is getting deleted instead.
Saviynt Documentation referred - Configuring the Integration for Provisioning and Deprovisioning (saviyntcloud.com)
Please let me know incase of any missing configuration.
12/21/2023 01:41 AM
Hi @skaliyandil ,
Can you try with below JSON and check once.
{
"objects": [
{
"objectClasses": [
"user"
],
"removeAction":"SUSPEND",
"distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
"moveObjectToOU": "CN=Users,DC=saviyntlabs,DC=org",
"password": "${password}",
"deleteAllGroups": true,
"groupExclusionListOnRemoval": [
"CN=UniversalDistGroupIAMT,CN=Users,DC=saviyntadmin,DC=com",
"CN=UniversalDistGroupIAMT2,CN=Users,DC=saviyntadmin,DC=com"
],
"attributes": {
"userAccountControl": 514
}
}
]
}
12/21/2023 02:41 AM
removeAction: Set the action to be performed when accounts are removed.
When you set to DELETE, the connector performs a hard delete (permanent removal) of account at Active Directory.
When you set to SUSPEND the connector disables