We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Displayname and DN generation issues

sundas7
Regular Contributor II
Regular Contributor II

Hi all,

We are experiencing an issue around the DN getting populated for the users with similar firstname /lastname .One of the newly created user had similar firstname /lastname .We observed ,it did not add a numeric to the CN of the new user,Hence provisioning of new user failed with error message:DN already exists.

We checked the logic in users/sav file and we could see that we have the necessary logic to set the displayname as below.

Earlier,when we found issues around Displayname not getting updated correctly (when users were changing their last names)in Saviynt ,we had to include the below in one of our custom query job

update users u set u.displayname = CONCAT(replace(replace(replace(u.lastname,'-',''),',',''),'.',''),', ',
replace(replace(replace(u.firstname,'-',''),',',''),'.','')) where statuskey=1;

We are not sure if the above one was causing the issues around DN getting populated for new users as this was the only change we can think of recently.

One of my colleague recently tested in lower env, removing the above update query in custom query job,then we could see the DN getting populated correctly for new users with similar name.

We would like to resolve both the issues.

1) New accounts to get provisioned with similar firstname/last name with the DN getting populated correctly

2)Whenever there is a change in last name,display name should get updated correctly in Saviynt(At the moment ,we are not passing updates in name changes to AD.)

Sample Logic in users.sav file

...................................................................

<similar logic here>>

when (select IF(nu.PreferedFirstName='',concat(nu.lastname,', ',nu.firstname,' ',SUBSTRING(nu.middlename,1, 1)),and so on.....

..................<similar logic here>>

select distinct cu.displayname from CURRENTUSERS cu where cu.displayname is not null) then IF(nu.PreferedFirstName='',concat(nu.lastname,', ',nu.firstname,2),concat(nu.lastname,', ',nu.PreferedFirstName,2)) and so on

............................<similar logic here>>

..............................<similar logic here>>

........................

Thanks

Shyam

1 REPLY 1

pruthvi_t
Saviynt Employee
Saviynt Employee

Hi @sundas7 ,

As per my understanding , while provisioning a new account to AD, you're not able to do so for new users whose first name and last name are similar as there is another user with similar DN present in AD.

To handle this case, you need to mention your account name rule to generate a DN for the account separated by '###'. Kindly refer to the below example:

CN=${user.lastname}\\, ${user.firstname} (Global-V)
[${user.username}],CN=Users,DC=abccompany,DC=com###CN=${user.lastname}1\\,
${user.firstname}1 (Global-V)
[${user.username}1],CN=Users,DC=abccompany,DC=com###CN=${user.lastname}\\,
${user.firstname} (Global-V) [${user.username}2],CN=Users,DC=abccompany,DC=com

Please refer to below document that has multiple examples for account name rule

https://docs.saviyntcloud.com/bundle/AD-v55x/page/Content/Configuring-the-Integration-for-Provisioni...

Thanks,


Regards,
Pruthvi