
CHECKFORUNIQUE not working for AD Connector

ShubhamBabbar
New Contributor III

Upon checking for UPN uniqueness in AD connector using the below logic:

{"userPrincipalName": "${if(type.equals('Service Account')) {prefix+'-'+term+'-Svc'+task.endpoint?.customproperty1} else {prefix+'-RES0001'+task.endpoint?.customproperty1}}###${if(type.equals('Service Account')) {prefix+'-'+term+'-Svc'+task.endpoint?.customproperty1} else {prefix+'-RES0002'+task.endpoint?.customproperty1}}"}

 

I am getting the below error:

Error while searching for userPrincipalName=A2-RES0001@domain.com-[LDAP: error code 32 - 0000208D: NameErr: DSID-03100221, problem 2001 (NO_OBJECT), data 0, best match of:
 
2024-07-30T23:40:28+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-15-ggr94-ERROR-Error while creating account in AD - [LDAP: error code 68 - 00000524: UpdErr: DSID-031A11FA, problem 6005 (ENTRY_EXISTS), data 0
 
Ideally in this scenario UPN should be created as A2-RES0002@domain.com after checking for A2-RES0001@domain.com
 
The createaccountjson does not contain a mapping for UPN.

rushikeshvartak
All-Star

{
"userPrincipalName": "${if(type.equals('Service Account')) {prefix+'-'+term+'-Svc'+task.endpoint?.customproperty1} else {prefix+'-RES0001'+task.endpoint?.customproperty1}}###${if(type.equals('Service Account')) {prefix+'-'+term+'-Svc'+task.endpoint?.customproperty1} else {prefix+'-RES0002'+task.endpoint?.customproperty1}}"
}


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ShubhamBabbar
New Contributor III

@rushikeshvartak Thanks for your response, I have used the same logic as mentioned in my question as well. I don't see any difference between your JSON and mine, which is not working for me.

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues.



‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️


Regards,
Rushikesh Vartak

@rushikeshvartak logs are attached in my initial query as well, pasting them here again:

Error while searching for userPrincipalName=A2-RES0001@domain.com-[LDAP: error code 32 - 0000208D: NameErr: DSID-03100221, problem 2001 (NO_OBJECT), data 0, best match of:
 
2024-07-30T23:40:28+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-15-ggr94-ERROR-Error while creating account in AD - [LDAP: error code 68 - 00000524: UpdErr: DSID-031A11FA, problem 6005 (ENTRY_EXISTS), data 0

 

Looking for logs in a text file to check all details.


Regards,
Rushikesh Vartak

NM
Honored Contributor III

Hi @ShubhamBabbar , can you share your account name rule?



ShubhamBabbar
New Contributor III

@NM 
AccountNameRule: CN=${if(type.equals('Service Account')) {prefix + '-' + term.replaceAll(',','') + '-Service,' + task.endpoint?.customproperty2} else {prefix+' '+resourceType+' '+termResource.replaceAll(',','')+','+ task.endpoint?.customproperty3 }}

@rushikeshvartak PFA logs

Does the user already exist?

"2024-07-31T07:06:47.004+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-17-ggr94","ERROR","Error while creating account in AD - [LDAP: error code 68 - 00000524: UpdErr: DSID-031A11FA, problem 6005 (ENTRY_EXISTS), data 0"


Regards,
Rushikesh Vartak

@rushikeshvartak Yes, the A2-RES0001@domain.com UPN exists in a different OU in the same directory, that's why the check for unique should use the second option, A2-RES0002@domain.com

NM
Honored Contributor III

Hi @ShubhamBabbar, in short, you are trying to create an account in a different OU, and once you did a check based on UPN it was able to find an account in a different OU but didn't use the incremental rule defined in checkforunique, right?



ShubhamBabbar
New Contributor III

That is correct @NM 

What is your base DN?


Regards,
Rushikesh Vartak
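As an added example (not part of the thread and not Saviynt code), this Python sketch parses the two AD error strings quoted in the thread and separates a failed uniqueness lookup (LDAP result 32, noSuchObject) from a rejected add (LDAP result 68, entryAlreadyExists). The `triage` function and its verdict labels are hypothetical names chosen here; the result-code names are taken from RFC 4511 and the Windows system error codes.

```python
import re

# LDAP result codes per RFC 4511; Win32 codes from the Windows system error list.
LDAP_CODES = {32: "noSuchObject", 68: "entryAlreadyExists"}
WIN32_CODES = {0x208D: "ERROR_DS_OBJ_NOT_FOUND", 0x0524: "ERROR_USER_EXISTS"}

AD_ERROR = re.compile(
    r"(?P<op>Error while [^\[]*?)\s*-?\s*\[LDAP: error code (?P<ldap>\d+) - "
    r"(?P<win32>[0-9A-Fa-f]{8}): \w+: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"problem \d+ \((?P<problem>\w+)\)"
)

def triage(line):
    """Return a dict describing the AD error in one log line, or None."""
    m = AD_ERROR.search(line)
    if m is None:
        return None
    ldap, win32 = int(m["ldap"]), int(m["win32"], 16)
    op = m["op"]
    if "searching" in op and ldap == 32:
        # The lookup itself errored: no result set came back for this value.
        verdict = "SEARCH_FAILED"
    elif "creating" in op and ldap == 68:
        # The directory refused the add because of a conflicting existing entry.
        verdict = "NAME_CONFLICT"
    else:
        verdict = "OTHER"
    return {
        "operation": op, "ldap": LDAP_CODES.get(ldap, str(ldap)),
        "win32": WIN32_CODES.get(win32, hex(win32)),
        "dsid": m["dsid"], "problem": m["problem"], "verdict": verdict,
    }

# The two log lines quoted in the thread, unchanged.
THREAD_LINES = [
    "Error while searching for userPrincipalName=A2-RES0001@domain.com-[LDAP: error code 32 - "
    "0000208D: NameErr: DSID-03100221, problem 2001 (NO_OBJECT), data 0, best match of:",
    "2024-07-30T23:40:28+05:30-ecm-worker-ldap.SaviyntGroovyLdapService-quartzScheduler_Worker-15-"
    "ggr94-ERROR-Error while creating account in AD - [LDAP: error code 68 - 00000524: UpdErr: "
    "DSID-031A11FA, problem 6005 (ENTRY_EXISTS), data 0",
]

if __name__ == "__main__":
    for line in THREAD_LINES:
        print(triage(line))
```

Result 32 on the search is an error returned by the lookup rather than an empty result set, so the search base in use is the first thing to confirm.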