Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Error while provisioning AD Create Account

KarthikaMoorti
New Contributor
New Contributor

When we try to provision AD Create Account received the below error:

Error while creating account in AD - [LDAP: error code 19 - 00002082: AtrErr: DSID-03151F1C, #1: 0: 00002082: DSID-03151F1C, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 6 (c):len 14 ]

Create AccountJSON:

{
"accountExpires": "${if(user?.enddate!=null){(((user?.enddate.getTime()+11644473600000)*10000)+900000000000)}else {0}}",
"c": "${user?.companyname}",
"cn": "${cn}",
"co": "${user?.country}",
"department": "${user?.departmentname}",
"description": "${user?.title}",
"displayname": "${user?.displayname}",
"employeeID": "${user?.employeeid}",
"employeetype": "${user?.employeeType}",
"givenName": "${user?.firstname}",
"mail": "${user?.email}",
"manager": "${managerAccount?.accountID==null?'':managerAccount?.accountID}",
"name": "${user?.displayname}",
"objectClass": ["top", "person", "organizationalPerson", "user"],
"sAMAccountName": "${task?.accountName}",
"sn": "${user?.lastname}",
"title": "${user?.title}",
"userprincipalname": "${user?.email.toString().toLowerCase()}"
}

18 REPLIES 18

rushikeshvartak
All-Star
All-Star

{
"cn": "${cn}",
"givenName": "${user?.firstname}",
"sn": "${user?.lastname}",
"displayname": "${user?.displayname}",
"sAMAccountName": "${task?.accountName}",
"userprincipalname": "${user?.email.toString().toLowerCase()}",
"objectClass": ["top", "person", "organizationalPerson", "user"]
}


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Hi @rushikeshvartak, this what we exactly have in our JSON.

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .



‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Tried updating the manager attribute JSON as below and task failed.

"manager": "${managerAccount?.accountID !=null?managerAccount.accountID:''}"

Attached is the error screenshot what we received in logs.

KarthikaMoorti_0-1718641685406.png

 

Does it works without manager attribute ?


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Removed manager attribute but still it fails with below error.

Error while creating account in AD - [LDAP: error code 19 - 00002082: AtrErr: DSID-03151F1C, #1: 0: 00002082: DSID-03151F1C, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 6 (c):len 14 ]

KarthikaMoorti_0-1718647041284.png

 

Did you tried below JSON

{
"cn": "${cn}",
"givenName": "${user?.firstname}",
"sn": "${user?.lastname}",
"displayname": "${user?.displayname}",
"sAMAccountName": "${task?.accountName}",
"userprincipalname": "${user?.email.toString().toLowerCase()}",
"objectClass": ["top", "person", "organizationalPerson", "user"]
}


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Hi Rushikesh,

Yes, we tried the above basic attribute JSON which worked early.

Later we added few more attributes like account expires, manager and it started throwing error. As per my previous statement, we removed manager attribute and tried provisioning yesterday, but still it is throwing error. 

Which attribute are causing issues ? Does it have proper value ?


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

We are onboarding a user through Import (using .csv file) for testing AD Prov/De-Prov capability.

And we do have proper manager for the user while uploading and the below simple manager JSON worked early.

"manager": "${managerAccount.accountID}"

Also, newly added attribute is account expires and we are passing that value during our .csv file import.

 

[SMALL CORRECTION FROM MY ABOVE STATEMENT]

We are onboarding a user through Import (using .csv file) for testing AD CREATE ACCOUNT capability.

And we do have proper manager for the user while uploading and the below simple manager JSON worked early.

"manager": "${managerAccount.accountID}"

Also, newly added attribute is account expires and we are not passing that value during our .csv file import.

 

Can you share sample screenshot of import sheet and share manager account id exist using data analyzer query


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.


KarthikaMoorti_0-1718744688067.png


KarthikaMoorti_1-1718744723810.png

 

Accountid exists in account table. You have provided users table screenshot


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Accountid,name and their status.

KarthikaMoorti_0-1718823492752.png

 

 

Accountid


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

Raghu
All-Star
All-Star

@KarthikaMoorti  try below

"manager": "${ if (managerAccount == null || managerAccount?.accountID == null || managerAccount?.accountID == '' ){''} else {managerAccount?.accountID} }"

https://forums.saviynt.com/t5/identity-governance/error-provisionning-in-ad-ldap-error-code-19-00002...

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

Hi @Raghu, when we tried updating your JSON for manager attribute it throwed below error:

 Error while creating account in AD - Error parsing JSON