02/22/2023 01:53 AM
Hi Team,
We have a requirement to create another AD based account which will be provisioned to only a group of people in the organization.
For example, the department=TSG support.
And the OU should be marked as CN=lastname.firstname- Administrator,OU=Elevated Accounts,OU=Global,DC=BAIN,DC=com
The account name should be ADM.username, so ADM should be the initial which needs to be used at the time of account creation.
I have created the connection, SS, and EP separately, but the account is not being created with ADM. It is just using the username and gets created the same as the actual AD account.
Can you guide me on this.
Account name rule at EP is as below:
Regards,
Ekata
02/22/2023 04:41 PM
Can you share your CREATEACCOUNTJSON? I assume there you might be mapping the username to samaccountname instead of pulling it from task?.accountName.
02/23/2023 01:14 AM
Hi,
Below is the json used:
{
  "samaccountname": "${user?.username}",
  "displayName": "${user?.lastname}, ${null != user?.preferedFirstName ? user?.preferedFirstName : user?.firstname}${null != user?.customer && user?.customer?.id==4 ? ' (BAN)': ''}",
  "givenName": "${null != user?.preferedFirstName ? user?.preferedFirstName : user?.firstname}",
  "sn": "${user?.lastname}",
  "objectclass": [ "top", "person", "organizationalPerson", "user" ],
  "name": "${user?.lastname}, ${null != user?.preferedFirstName ? user?.preferedFirstName : user?.firstname} (${user?.username})",
  "company": "${null != user?.customer && user?.customer.id==4 ? '': 'Bain & Company, Inc.'}",
  "employeeid": "${user?.username}",
  "adminDescription": "E3EMS;E3OFFICE;",
  "UNICODEPWD": "${randomPassword}",
  "pwdLastSet": "0",
  "msNPAllowDialin": "${null != user?.customer && user.customer.id==4 ? 'FALSE':'TRUE'}",
  "extensionattribute6": "${null != user?.customer && user.customer.id==4 ? user?.customproperty22+(user?.employeeclass.substring(user?.employeeclass.indexOf(" ")+1,user?.employeeclass.toString().length())):user?.customproperty22}",
  "department": "${null != user?.customer && user.customer.id==4 ? 'Bain Advisory Network': user?.departmentname}",
  "title": "${null != user?.customer && user?.customer?.id==4 ? 'Bain Advisory Network': user?.title}",
  "description": "${null != user?.customer && user?.customer?.id==4 ? 'Bain Advisory Network': user?.comments}",
  "userAccountControl": "512",
  "manager": "${if(user?.customer?.id==4 && null != managerAccount.accountID){managerAccount.accountID}}",
  "seeAlso": "${user?.customer?.id==4 && (null != managerAccount && null != managerAccount.accountID)? managerAccount.accountID : ''}",
  "accountExpires": "${if ((null != user?.customer && user.customer.id==4) && (user?.enddate != null || user?.enddate != '')) {10000*(user.enddate.getTime() + 11644473600000 +100799999)}else {0}}",
  "l": "${user?.city}",
  "streetAddress": "${user?.street}",
  "st": "${user?.state}",
  "co": "${user?.country}",
  "c": "${user?.customproperty18}",
  "postalCode": "${user?.regioncode}"
}
Should I change the first line as task?.accountName?
Regards,
Ekata
02/23/2023 02:57 AM
Hi,
I tried task?.accountName for samaccountname instead of username as per your suggestion, but the issue is still the same.
02/23/2023 06:09 AM
Just to understand, how are you creating the new ADM* accounts?
02/23/2023 06:43 AM
So, we have created a different AD based connector with SS and EP as per the business requirement.
With the above-mentioned account name rule and createaccountjson we are trying to create new accounts having the account name as ADM followed by the username.
The pending task gets created with ADM, but at the time of completion it shows only the username.
For example:
Also, after completion of the task there is a provisioning comment added: Checking DN for CN=Dev Test\, kim test [9999291067],OU=Malden,OU=Americas,DC=BAIN,DC=com.FOund an inactive account -CN=Dev Test\, kim test [9999291067],OU=Malden,OU=Americas,DC=BAIN,DC=com and the attributes-[:] match so using that instead of creating a new one as the account is inactive.
In the connection we are passing ACCOUNTNAMERULE as CN=${user.lastname}\\, ${null != user?.preferedFirstName ? user?.preferedFirstName : user?.firstname} [${user?.username}],${null != user?.customer && user?.customer?.id==4 ? 'OU=Contractors,OU=NonEmployees,' : ''}${user?.customproperty49} where the CP49 value is OU=Malden,OU=Americas,DC=BAIN,DC=com.
Can you advise if this is the reason?
Thanks
02/23/2023 06:53 AM
Looks like you have the same accountname rule in both AD connections. Looks like it is causing an issue in creating the new account if the user already has a regular account, because the distinguished name should be unique.
So change the accountnamerule for the ADM connection to something different, for example replace ${user?.username} with ${task?.accountName}.
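To make the DN collision concrete, here is an added Python sketch (not from the thread or the Saviynt connector; the sample user and existing accounts are constructed) that renders the thread's ACCOUNTNAMERULE with both ${user?.username} and ${task?.accountName}, then checks the resulting DN against existing accounts the way the provisioning comment describes.

```python
import re

# Constructed sample user (not from the thread) who already holds a regular AD
# account; customproperty49 carries the OU, as the thread states.
USER = {
    "lastname": "Test",
    "preferedFirstName": None,
    "firstname": "Dev",
    "username": "kim.test",
    "customproperty49": "OU=Malden,OU=Americas,DC=BAIN,DC=com",
}

# Constructed view of existing AD accounts, keyed by DN; this one is disabled.
EXISTING_ACCOUNTS = {
    "CN=Test\\, Dev [kim.test],OU=Malden,OU=Americas,DC=BAIN,DC=com": {"active": False},
}


def rdn_escape(value: str) -> str:
    """Backslash-escape characters that are special in an RDN value (RFC 4514 subset)."""
    return re.sub(r'([,+"\\<>;=])', r"\\\1", value)


def build_dn(user: dict, account_name: str) -> str:
    """Mirror the thread's rule: CN=<lastname>\\, <first> [<account>],<CP49>."""
    first = user.get("preferedFirstName") or user["firstname"]
    cn = f"{user['lastname']}, {first} [{account_name}]"
    return f"CN={rdn_escape(cn)},{user['customproperty49']}"


def resolve_create(user: dict, account_name: str) -> tuple:
    """Return (action, dn). 'reuse-inactive' reproduces the behaviour in the
    provisioning comment: an existing, disabled account with the same DN is
    reused instead of creating a new one. DN comparison is case-insensitive."""
    dn = build_dn(user, account_name)
    match = next((v for k, v in EXISTING_ACCOUNTS.items() if k.lower() == dn.lower()), None)
    if match is None:
        return "create", dn
    if not match["active"]:
        return "reuse-inactive", dn
    return "conflict", dn


if __name__ == "__main__":
    # Rule as originally configured (${user?.username}): collides with the regular account.
    print(resolve_create(USER, USER["username"]))
    # Rule changed to ${task?.accountName}: the ADM-prefixed name yields a distinct DN.
    print(resolve_create(USER, "ADM." + USER["username"]))
```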
02/23/2023 08:36 AM
Thanks a lot. It worked as expected.