
ADSI AccountNameRule

B_Samuel
New Contributor II
Hello All,

We are trying to handle the account name rule in the ADSI connector. I am experiencing many issues with the Create account and Account name rule.

We need to create an account in AD with CN= ${user.lastname}\, ${user.firstname}
Example: Sam\, Talluri,OU=Users,OU=SaviyntDEV,DC=b,DC=net


If we pass CN in the create account:
"cn": "${user.lastname}\\\\, ${user.firstname}" it creates an account for the first user and fails for the next user, as the firstname and lastname are the same.

So, we tried handling it in the AccountNameRule but faced many issues.
We need your help in this as soon as possible.

Create Account:
"cn": "${cn?.replace(',', '\\\\,')?.replace('\\','\\\\')}",

Account name:
{
    "AccountNameRule": {
        "Attributes": [
            {
                "cn": "${user.lastname}\\\\, ${user.firstname}",
                "baseDN": "${user.customproperty46}",
                "RuleCheck": "${user.lastname}\\\\, ${user.firstname}###${user.lastname}\\\\, ${user.firstname}1###${user.lastname}\\\\, ${user.firstname}2###${user.lastname}\\\\, ${user.firstname}3###${user.lastname}\\\\, ${user.firstname}4"
            }
        ]
    }
}
Error:
Error while creating account in ADSI : { "status": "Failure", "failedObjects": [ { "id": "${user.customproperty46}", "status": "Failure", "message": "Failed to create object of given objectClasses", "messageCodes": "OBJ_ERR_00001", "errorDetails": "OBJ_ERR_00001 : -2147016654 : An invalid dn syntax has been specified. : 0000208F: NameErr: DSID-03100233, problem 2006 (BAD_NAME), data 8350, best match of:\n\t'${user.customproperty46}'\n" } ], "connectionString": "XXXXXXXX" }


Error:
Error while creating account in ADSI : { "status": "Failure", "failedObjects": [ { "id": "OU=Users,OU=SaviyntDEV,DC=a,DC=b,DC=net", "status": "Failure", "message": "Failed to create object of given objectClasses", "messageCodes": "OBJ_ERR_00001", "errorDetails": "OBJ_ERR_00001 : -2147019886 : The object already exists. : 00002071: UpdErr: DSID-030503D3, problem 6005 (ENTRY_EXISTS), data 0\n" } ], "connectionString": "XXXXXX" }

B_Samuel
New Contributor II
I tried using the same as the document specified, but it is still not working.
https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Configuring-the-Integration-for-Provisio...

I am escaping \, with \\\\\\\\ (8 backslashes), and it worked fine with the 1st account.   Output: Sam\, Talluri,*****************************
AccountNameRule:
{
    "AccountNameRule": {
        "Attributes": [
            {
                "cn": "ACCOUNTID/customproperty",
                "baseDN": "${user.customproperty46}",
                "RuleCheck": "${user.lastname}\\\\\\\\, ${user.firstname}###${user.lastname}\\\\\\\\, ${user.firstname}1###${user.lastname}\\\\\\\\, ${user.firstname}2###${user.lastname}\\\\\\\\, ${user.firstname}3###${user.lastname}\\\\\\\\, ${user.firstname}4"
            }
        ]
    }
}

Create Account:
"cn": "${cn}"

Error:  It is not picking up the account name rule
errorDetails": "OBJ_ERR_00001 : -2147019886 : The object already exists. : 00002071: UpdErr: DSID-030503D3, problem 6005 (ENTRY_EXISTS), data 0\n"

stalluri
Valued Contributor II

Hello @B_Samuel 

Try this below config.

AccountNameRule:

{
    "AccountNameRule": {
        "Attributes": [
            {
                "cn": "ACCOUNTID",
                "baseDN": "${user.customproperty46}",
                "RuleCheck": "${user.lastname}, ${user.firstname}###${user.lastname}, ${user.firstname}1###${user.lastname}, ${user.firstname}2###${user.lastname}, ${user.firstname}3###${user.lastname}, ${user.firstname}4###${user.lastname}, ${user.firstname}5###${user.lastname}, ${user.firstname}6###${user.lastname}, ${user.firstname}7###${user.lastname}, ${user.firstname}8###${user.lastname}, ${user.firstname}9###${user.lastname}, ${user.firstname}10"
            }
        ]
    }
}

Create Account:

{
    "objects": [
        {
            "objectClasses": [
                "user"
            ],
            "baseDn": "${user.customproperty46}",
            "password": "${password}",
            "attributes": {
                "cn": "${cn?.replace(',', '\\\\,')?.replace('/','\\/')}",


Here we are replacing ',' from ANR to '\,'   // This works fine for us in ADSI.
Pass all the values needed below as needed

}
],
 "requestConfiguration": {
        "memExistanceRetSuccess": {
            "enable": true
        }
    }
}







Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.
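
The split used in the reply above (name candidates kept unescaped for the uniqueness check, the comma escaped only when the DN is built), as an added Python sketch that is not Saviynt connector code and not part of the original post. The function names, the placeholder expansion and the list of existing CNs are assumptions made for illustration; escaping follows RFC 4514.

```python
import re

# Characters RFC 4514 requires escaping anywhere in an RDN attribute value.
_SPECIAL = '"+,;<>\\'

def escape_rdn_value(value: str) -> str:
    """Escape one RDN attribute value per RFC 4514 section 2.4."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)

def expand(template: str, user: dict) -> str:
    """Hypothetical stand-in for ${user.<field>} substitution."""
    return re.sub(r"\$\{user\.(\w+)\}", lambda m: user[m.group(1)], template)

def first_free_cn(rule_check: str, user: dict, existing_cns):
    """Return the first '###'-separated candidate not already taken.

    Comparison is done on the raw (unescaped) CN, case-insensitively.
    """
    taken = {cn.casefold() for cn in existing_cns}
    for candidate in expand(rule_check, user).split("###"):
        if candidate.casefold() not in taken:
            return candidate
    return None  # every candidate in the rule is already in use

def build_dn(cn: str, base_dn: str) -> str:
    """Escape the CN only at the point where it becomes part of a DN."""
    return "CN=" + escape_rdn_value(cn) + "," + base_dn

# Constructed sample data, modelled on the values quoted in this thread.
RULE_CHECK = ("${user.lastname}, ${user.firstname}###"
              "${user.lastname}, ${user.firstname}1###"
              "${user.lastname}, ${user.firstname}2")
USER = {"lastname": "Sam", "firstname": "Talluri"}
BASE_DN = "OU=Users,OU=SaviyntDEV,DC=b,DC=net"
EXISTING = ["Sam, Talluri"]  # CNs assumed to exist already under BASE_DN

if __name__ == "__main__":
    cn = first_free_cn(RULE_CHECK, USER, EXISTING)
    print(cn, "->", build_dn(cn, BASE_DN))
```
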

B_Samuel
New Contributor II

@stalluri 
Do we need the below config in CreateAccount?

"requestConfiguration": {
        "memExistanceRetSuccess": {
            "enable": true
        }
    }

 

stalluri
Valued Contributor II

This was introduced in the new version. Adding this will not hurt the configuration. 
If you upgrade the environment, it will be handled automatically.

Example 3: From Release v24.4 onwards, to create an account using the requestConfiguration configuration, use a format similar to the following:

The requestConfiguration configuration is introduced to return success or failure response for an existing account.

When you specify the enable value as true under the requestConfiguration configuration, the connector returns the success response if account already exists. 

If the requestConfiguration configuration is not included in the CREATEACCOUNTJSON parameter or if you specify the enable value as false, the connector returns the failure response with the message account already exists.




Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

NM
Esteemed Contributor

Hi @B_Samuel, is user customproperty 46 updated with the base DN value?


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

B_Samuel
New Contributor II

@NM 
Yes, and we can see the log with the value as well. I also attached it above.