Error Creation AD Groups

JPMac
Regular Contributor

Hi Team,

I just created a security group (Domain Local, Prod) from Create AD Groups.
Since the task was created, I ran WSRETRYJOB, but the following error is printed and the group is not created.

===

Error while getting Entitlement w.r.t to rolename - CN=aaa,OU=bbb,DC=ccc,DC=ddd

The service account set up in AD Connections has powerful privileges such as Administrator, Domain User, and Domain Administrator.


Also, the createUpdateMappings are:
"sAMAccountName": "${role.customproperty26}," "cn": "${role.customproperty26}," "distinguishedName": "${role.role_name}," "objectClass":"group," "name": "${role.customproperty26}," "displayName": "${role.displayname}," "description":"${role.description}," "groupType": "${if (role.customproperty21 == 'Security' && role.customproperty22 == 'Global') '-2147483646' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Domain Local') '-2147483644' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Universal') '-2147483640' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Global') '2' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Domain Local') '4' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Universal') '8' else ''}"


Could you give me any advice?


rushikeshvartak
All-Star

Do you have all custom properties added during the request?


Regards,
Rushikesh Vartak
If the response is helpful, please click Accept As Solution and kudos it.

vivekmohanty_pm
Saviynt Employee

The format for createUpdateMappings is incorrect. You have used the comma inside the double quotes.

Try this - 

  "sAMAccountName": "${role.customproperty26}",
  "cn": "${role.customproperty26}",
  "distinguishedName": "${role.role_name}",
  "objectClass": "group",
  "name": "${role.customproperty26}",
  "displayName": "${role.displayname}",
  "description": "${role.description}",
  "groupType": "${if (role.customproperty21 == 'Security' && role.customproperty22 == 'Global') '-2147483646' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Domain Local') '-2147483644' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Universal') '-2147483640' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Global') '2' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Domain Local') '4' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Universal') '8' else ''}"

 

JPMac
Regular Contributor

Hi Team, thanks for your response.

I tried changing the createUpdateMappings to that, but the same error is printed.

vivekmohanty_pm
Saviynt Employee

@JPMac Please remove the distinguishedName and add the objectCategory to the mapping.

Please note that the objectCategory value will be specific to your domain name.

 

  "sAMAccountName": "${role.customproperty26}",
  "cn": "${role.customproperty26}",
  "objectCategory": "CN=Group,CN=Schema,CN=Configuration,DC=domainname,DC=com",
  "objectClass": "group",
  "name": "${role.customproperty26}",
  "displayName": "${role.displayname}",
  "description": "${role.description}",
  "groupType": "${if (role.customproperty21 == 'Security' && role.customproperty22 == 'Global') '-2147483646' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Domain Local') '-2147483644' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Universal') '-2147483640' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Global') '2' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Domain Local') '4' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Universal') '8' else ''}"
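
An added example, not part of the thread and not Saviynt's code: a small Python check for the comma-inside-the-quotes mistake pointed out above, together with the derivation of the groupType numbers used in the mappings from the Active Directory flag bits. The function names and the two sample fragments are constructed for illustration.

```python
import json
import re

# Documented Active Directory groupType flag bits.
SCOPE_BITS = {"Global": 0x2, "Domain Local": 0x4, "Universal": 0x8}
SECURITY_ENABLED = 0x80000000

def group_type(kind, scope):
    """Return groupType as the signed 32-bit integer the mapping emits."""
    bits = SCOPE_BITS[scope]
    if kind == "Security":
        bits |= SECURITY_ENABLED
    # AD stores the flags as a signed 32-bit value, hence the negatives.
    return bits - (1 << 32) if bits & SECURITY_ENABLED else bits

def check_mappings(fragment):
    """Return problems found in a createUpdateMappings fragment (hypothetical helper)."""
    problems = []
    # A comma sitting just before a closing quote, followed by the next key.
    for match in re.finditer(r',"\s*"', fragment):
        problems.append("comma inside the quotes at offset %d" % match.start())
    try:
        parsed = json.loads("{" + fragment + "}")
    except json.JSONDecodeError as exc:
        problems.append("not valid JSON: " + exc.msg)
        return problems
    for key, value in parsed.items():
        if isinstance(value, str) and value.endswith(","):
            problems.append("value of %s ends with a comma" % key)
    return problems

# Constructed samples, shortened from the two forms shown in the thread.
BROKEN = '"objectClass":"group," "name": "${role.customproperty26},"'
FIXED = '"objectClass": "group",\n"name": "${role.customproperty26}"'

if __name__ == "__main__":
    for kind in ("Security", "Distribution"):
        for scope in SCOPE_BITS:
            print(kind, scope, group_type(kind, scope))
    print(check_mappings(BROKEN))
    print(check_mappings(FIXED))
```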