Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

AD user import

Saviynt_learner
Regular Contributor II
Regular Contributor II

I'm trying to import users from AD and refered the below page.

https://docs.saviyntcloud.com/bundle/AD-v2021x/page/Content/Configuring-the-Integration-for-Importin...

 

Here it says Use RECONCILATION_FIELD  and map with objectGUID. once I import user I modified an attribute which is mapped with a username, and it created a different user in next import. So What's the use of  RECONCILATION_FIELD  here then?  

Its happening with only incase of user name  change not with other attribute update.

10 REPLIES 10

naveenss
All-Star
All-Star

Hi @Saviynt_learner ,

Can you share the JSON you're using?

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Saviynt_learner
Regular Contributor II
Regular Contributor II

Hi @naveenss  Please see below

[DISPLAYNAME::displayName#String,
CUSTOMPROPERTY25::company#String,
CUSTOMPROPERTY3::sn#String,
CUSTOMPROPERTY40::distinguishedName#String,
statuskey::userAccountControl#number,
FIRSTNAME::name#String,
LASTNAME::sn#String,
USERNAME::givenname#String,
phonenumber::telephoneNumber#String,
CUSTOMPROPERTY10::c#String,
UPDATEDATE::whenChanged#customDate--yyyyMMddHHmmss.'0Z',
CUSTOMPROPERTY14::extensionAttribute1#String,
CUSTOMPROPERTY15::extensionAttribute2#String,
CUSTOMPROPERTY26::objectguid#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY26]

 

If we update anything else from the attribute mapped to username its updating user in saviynt. But if username attribute (here ex:givenname) changes then its creating new user.

USERNAME::givenname#String,

  • Username should be unique field , here given name is not unique field hence its causing issue
  • RECONCILATION_FIELD is a unique property for an user, ensure that it is always mapped to objectGUID.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak  I understood why it happened.

But whats the use of RECONCILATION_FIELD then. Its still not clear.

RECONCILATION_FIELD needs to be unique attribute which finds in existing records if record finds then it will update else it will create new user.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thanks for the response.

In that case, even If the username changes (in my case) it should still update the existing user right. Because if its not then, there is no use of RECONCILATION_FIELD .  Is my interpretation wrong?  Can you help me o understand it.

Reason is wrong mapping of username to GivenName which can't be unique


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

How about using samaccoutname, Email

samaccoutname


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh,

I have a similar issue. In my environment  Accounts are imported from Prov DB to Saviynt.
1. Unique attributes in prov DB is system user name and User name. But, user's have a chance to update their Username field to other unique value.

2. So, whenever user updates Username field to other unique value. In the next job run Saviynt is creating a new user. Since the reconciliation attribute is username. So, I already have 250+ this duplicate account cases.

3. In case if I update the reconciliation attribute to system username which is unique and value is same through out the user life cycle. What will happen to the duplicate account which are already present in saviynt after next job run.

Here duplicate account means User records with different username and same System username which were created earlier because the reconciliation attribute is set as username.

 

Thanks

Vamshi Krishna