Saviynt Forums

RanjanS · ‎03/21/2023

As part of our AD disable account, we are moving users to the Term OU. The movement is happening correctly but CN is updated automatically when the user is moved to Term OU, even though there is no user with same CN in the Term OU.

My Disable Account Json is as below :

{
"extensionAttribute4":"${user.customproperty23}",
"msExchHideFromAddressLists" : "${if(user?.customproperty19.equalsIgnoreCase('Employee') && user?.customproperty13.equalsIgnoreCase('Salary')){'TRUE'}}",
"USERPASSWORD":"${randomPassword}",
"userAccountControl": "514",
"moveUsertoOU": "OU=Term_Users,DC=abc,DC=dev"
}

RanjanS · ‎03/22/2023

Can anyone help me here please.

Sheba · ‎03/22/2023

Hi Ranjan,

can you pls give an example how CN is changed. whenever there is movement happening in AD distinguished name(DN) will change since there is a change of OU location.

RanjanS · ‎03/22/2023

Hi Sheba,

Lets assume that an account is present with the below DN :

CN=Cal\, Arup,OU=Users,OU=Accounts,OU=LocOU,OU=Sites,DC=abc,DC=dev

Now user is terminated and disable account task is created for this account.

As per disable account, the account should be moved to term OU, which is happening correctly, but the CN part os updated as below along with the OU and the new DN looks like below :

CN=Cal\, Arup 2,OU=Term_Users,DC=abc,DC=dev

which is actually should not happen. CN should not be changed.

Note - There is no user already existing in Term OU with CN=Cal\, Arup

Thanks,

Ranjan

Sheba · ‎03/22/2023

Hi Ranjan,

It will change as per the OU location. may be you can consider

RECONCILATION_FIELD:objectguid

as a reconciliation field which will never change.

RanjanS · ‎03/22/2023

Hi Sheba,

How come reconciliation field matters here ?

All what we are doing is 'Disable Account' which is a provisioning operation.

Note - our reconciliation field is already set to objectGUID.

Saviynt Forums

CN is changed when account is moved to Term OU as part of disable account for AD Connector