Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Disable Account instead or Removing from AD domain

Sakshi2806
New Contributor II
New Contributor II

Hi All,

We have a scenario where we want to disable the accounts instead of removing it from AD domain when revoke task is created via  campaign.

I understand that disable task won't be created but what if we use something like below -

{
"objects": [
{
"objectClasses": [
"user"
],
"distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
"attributes": {
"description":"Disabled by campaign",
"userAccountControl":514
}
}
]
}

The issue is it works for domain but not for other. Can anybody help with the solution ?

 

Thanks

Sakshi 

6 REPLIES 6

rushikeshvartak
All-Star
All-Star

Use actionable analytics report based on response provided in analytics which will also create proper task type and process and json adjustments are not required 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Sakshi2806
New Contributor II
New Contributor II

Thanks for the suggestion. However, the JSON adjustment is slightly better as we have lot of campaigns and setting up analytics again is not business is agreeing to . they want to leverage Revoke action task.

the issue is when we give full permission to our service account. It deletes the account. If we give only attribute specific permission it throws error with insufficient Access Right.

 

Thanks

Sakshi

Hi @Sakshi2806 ,

Can you add one more field in the JSON removeAction with value as SUSPEND, like below and try.

{
"objects": [
{
"objectClasses": [
"user"
],
"distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",
"attributes": {
"description":"Disabled by campaign",
"removeAction": "SUSPEND"
}
}
]
}


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

Sakshi2806
New Contributor II
New Contributor II

I tried with both SUSPEND and DELETE , it is not disabling but deleting the account in target.

@Sakshi2806  You are using ADSI connector or AD? Can you also add moveObjectToOU and try once.

{
"objects": [
{
"objectClasses": [
"user"
],
"distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}",

"moveObjectToOU": "OU=Saviynt_test,DC=Saviynt,DC=com",
"attributes": {
"description":"Disabled by campaign",
"removeAction": "SUSPEND"
}
}
]
}

 


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

{
"objects": [
{
"objectClasses": [
"user"
],
"distinguishedName": "${account.accountID?.replace('\\', '\\\\')?.replace('/', '\\/')}","attributes": {
"description":"Disabled by campaign",
"userAccountControl": "514", "password": "${randomPassword}"
}
}
]
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.