
Error when creating AD service account through manage service accounts

aundreb
Regular Contributor II

Hello,

I'm getting the below error when trying to create a service account in AD. 

NoSuchAttributeException [LDAP:ERROR CODE 16 - 00000057 ]


Below is my createaccountjson. Creating a regular account works, wondering if there are any attributes that cannot be modified or included for creating service accounts.

{
"samaccountname": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.username}",
"displayName": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task.accountName : user?.displayname}",
"mail": "${user?.email}",
"employeeid": "${user?.employeeid}",
"CannotChangePassword": "",
"l": "${user?.city}",
"scriptPath": "default.bat",
"givenName": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.firstname}",
"sn": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.lastname}",
"objectclass": [
"top",
"person",
"organizationalPerson",
"user"
],
"userPrincipalName": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.systemUserName}@domain.com",
"company": "CN",
"description": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task.accountName : user?.displayname}",
"pwdLastSet": "0",
"department": "${user?.departmentname}",
"title": "${user?.title}",
"homePhone": "${user?.phonenumber}",
"streetAdress": "${user?.street}",
"st": "${user?.street}",
"postalcode": "${user?.regioncode}",
"extensionAttribute1": "${user?.customproperty14}",
"extensionAttribute2": "${user?.customproperty15}",
"exofficelocation": "${user?.location}",
"pager": "${user?.customproperty61}",
"userPassword": " ${randomPassword}",
"accountExpires": "0",
"userAccountControl": "66048",
"manager": "${managerAccount?.accountID}"
}

 

 

2 REPLIES

rushikeshvartak
All-Star
Title: "LDAP error 16 - No such attribute" occurs when removing TITLE attribute of AD account

Change case of sAMAccountName 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

sk
All-Star

Try to change the manager mapping as below and see if that works:

"manager": "${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {} else {managerAccount==null?null:managerAccount.accountID}}"

Also, I see that for some of the fields you didn't check whether the account is a service account or not and are directly passing user attributes (which in the service account request case would be the requestor's details), like manager, title, department, etc. Are you expecting to pass requestor details for those attributes? If not, then do the service account check for all attributes.

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
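The review suggested in the last reply, written as an added example (not code from the thread or from Saviynt): it lists the createaccountjson mappings that read `user` or `managerAccount` data without consulting `ServiceAccountOwnerMap`, which in a service account request would write the requestor's details onto the new account. The function name and the text-matching heuristic are assumptions, and the sample is a shortened copy of the JSON in the question.

```python
import re

# Constructed sample: a shortened copy of the createaccountjson from the question.
SAMPLE = r'''{
"samaccountname": "${ServiceAccountOwnerMap.get("ServiceAccountType") == 'ServiceAccount' ? task?.accountName : user?.username}",
"mail": "${user?.email}",
"scriptPath": "default.bat",
"objectclass": [
"top",
"user"
],
"department": "${user?.departmentname}",
"title": "${user?.title}",
"userAccountControl": "66048",
"manager": "${managerAccount?.accountID}"
}'''

# One mapping per line: "attr": "value". Values hold unescaped quotes, so the
# template is not valid JSON and is parsed line by line instead of json.loads.
MAPPING = re.compile(r'^\s*"([^"]+)"\s*:\s*"(.*)"\s*,?\s*$')
# Bindings that resolve to a person (the requestor in a service account request).
PERSON_REF = re.compile(r'\b(?:user|managerAccount)\b')
# Assumption: any mention of this map in a value counts as a service account check.
GUARD = "ServiceAccountOwnerMap"


def unguarded_mappings(template: str) -> list:
    """Return attribute names whose value reads user/managerAccount data
    without consulting ServiceAccountOwnerMap."""
    flagged = []
    for line in template.splitlines():
        m = MAPPING.match(line)
        if not m:
            continue  # braces, list items, blank lines
        attr, value = m.groups()
        if PERSON_REF.search(value) and GUARD not in value:
            flagged.append(attr)
    return flagged


if __name__ == "__main__":
    for attr in unguarded_mappings(SAMPLE):
        print(f"{attr}: person attribute mapped without a service account check")
```
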