AD Remove Account Action JSON is not working as expected.

skaliyandil
New Contributor II

We are using a JSON similar to the one below in the REMOVEACCOUNTACTION in AD, and the expected result is that the AD account gets moved to the OU specified and all the groups are removed from the AD account apart from the group mentioned in the exclusion list.

{
  "objects": [
    {
      "objectClasses": [
        "user"
      ],
      "distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
      "moveObjectToOU": "CN=Users,DC=saviyntlabs,DC=org",
      "password": "${password}",
      "deleteAllGroups": true,
      "groupExclusionListOnRemoval": [
        "CN=UniversalDistGroupIAMT,CN=Users,DC=saviyntadmin,DC=com",
        "CN=UniversalDistGroupIAMT2,CN=Users,DC=saviyntadmin,DC=com"
      ],
      "attributes": {
        "userAccountControl": 514
      }
    }
  ]
}

This configuration is not working as expected and the AD account is getting deleted instead.

Saviynt Documentation referred - Configuring the Integration for Provisioning and Deprovisioning (saviyntcloud.com)

Please let me know in case of any missing configuration.

2 REPLIES

pmahalle
All-Star

Hi @skaliyandil ,

Can you try with the below JSON and check once?

{
  "objects": [
    {
      "objectClasses": [
        "user"
      ],
      "removeAction": "SUSPEND",
      "distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
      "moveObjectToOU": "CN=Users,DC=saviyntlabs,DC=org",
      "password": "${password}",
      "deleteAllGroups": true,
      "groupExclusionListOnRemoval": [
        "CN=UniversalDistGroupIAMT,CN=Users,DC=saviyntadmin,DC=com",
        "CN=UniversalDistGroupIAMT2,CN=Users,DC=saviyntadmin,DC=com"
      ],
      "attributes": {
        "userAccountControl": 514
      }
    }
  ]
}


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help others who may have the same problem. Give Kudos 🙂

Manu269
All-Star

@skaliyandil

removeAction: Set the action to be performed when accounts are removed.

When you set to DELETE, the connector performs a hard delete (permanent removal) of account at Active Directory.

When you set to SUSPEND the connector disables

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos.
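A pre-deployment check for the REMOVEACCOUNTACTION JSON discussed in this thread, added here as an example and not taken from the posters or from Saviynt's documentation. It assumes what the thread reports (an object without `removeAction` ended in a deleted account) and that excluded groups are expected in the same domain as `moveObjectToOU`; the function names and sample DNs are hypothetical.

```python
import json

ACCOUNTDISABLE = 0x2  # AD userAccountControl bit; 514 = 512 (NORMAL_ACCOUNT) | 2

def dn_domain(dn):
    # DC= components of a DN (naive split; assumes no escaped commas in the DN)
    parts = [p.strip().lower() for p in dn.split(",")]
    return tuple(p for p in parts if p.startswith("dc="))

def lint_remove_action(raw):
    """Return findings for a REMOVEACCOUNTACTION JSON string (empty list = clean)."""
    findings = []
    for i, obj in enumerate(json.loads(raw).get("objects", [])):
        where = f"objects[{i}]"
        action = obj.get("removeAction")
        if action is None:
            # Assumption taken from the thread: without this key the account was deleted.
            findings.append(f"{where}: removeAction missing")
        elif action != "SUSPEND":
            findings.append(f"{where}: removeAction is {action!r}, not SUSPEND")
        uac = obj.get("attributes", {}).get("userAccountControl")
        if not isinstance(uac, int) or not uac & ACCOUNTDISABLE:
            findings.append(f"{where}: userAccountControl does not set the disable bit")
        target = obj.get("moveObjectToOU", "")
        if not target:
            findings.append(f"{where}: moveObjectToOU missing")
        for group in obj.get("groupExclusionListOnRemoval", []):
            # Assumption: excluded groups normally live in the same domain as the target OU.
            if target and dn_domain(group) != dn_domain(target):
                findings.append(f"{where}: excluded group in another domain: {group}")
    return findings

def sample(**overrides):
    # Constructed sample input using the key names from the thread.
    obj = {
        "objectClasses": ["user"],
        "removeAction": "SUSPEND",
        "distinguishedName": "CN=jdoe,CN=Users,DC=example,DC=com",
        "moveObjectToOU": "OU=Disabled,DC=example,DC=com",
        "deleteAllGroups": True,
        "groupExclusionListOnRemoval": ["CN=KeepMe,CN=Users,DC=example,DC=com"],
        "attributes": {"userAccountControl": 514},
    }
    obj.update(overrides)
    return json.dumps({"objects": [{k: v for k, v in obj.items() if v is not None}]})

if __name__ == "__main__":
    print(lint_remove_action(sample()))                   # clean
    print(lint_remove_action(sample(removeAction=None)))  # flags the missing key
```

Run against the first JSON in the thread, this check would report the missing `removeAction` and would also ask for confirmation that the `DC=saviyntadmin,DC=com` exclusion groups are meant to differ from the `DC=saviyntlabs,DC=org` target.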