and more in a single search tool across platforms. Read the announcement here. |
01/08/2024 11:54 PM - edited 01/08/2024 11:56 PM
Hello All,
After running AD recon JOB successfully it was found that there were some duplicate entitlements found in Saviynt. Logs doesn't have complete information to investigate the issue.
Is there any config that we need to add in AD connection to view complete logs during AD recon job execution ?
objectGUID_Binary is the RECONCILATION_FIELD mapped in groupImportMapping
Note - Actual entitlement has all attribute values reconciled successfully as expected but duplicate entitlement doesn't have all the attribute values (like cp's mapping during import) it has only Entitlement Value . Also Accounts are getting mapped to the duplicate entitlement but not to the actual entitlement.
01/09/2024 03:22 AM
Hi @harishyara
Could you please share the groupImportMapping.
Is the entitlement_id mapped in JSON?
Regards,
Dhruv Sharma
01/09/2024 05:00 AM
01/09/2024 05:24 AM
It was working before ?
01/09/2024 06:06 AM
Hi @rushikeshvartak - It happened after I changed the groupSearchBaseDN
FROM
OU=abc,DC=test,DC=domain,DC=com
TO
DC=test,DC=domain,DC=com
Since required groups are present under OU=Test-Groups,DC=test,DC=domain,DC=com so I have given root domain to get all the groups.
01/09/2024 09:00 PM
what is entitlementid for one of the duplicate ent
01/10/2024 04:59 AM
@rushikeshvartak - duplicate entitlementid is showing as null.
01/10/2024 08:08 PM
It seems it pulled from account import and not from Access import. inactivate them and rerun recon and try
01/11/2024 04:30 AM - edited 01/11/2024 10:08 AM
@rushikeshvartak - Okay thanks for the update but, if there is already an entitlement exist with same entitlement value why Saviynt is creating new entitlement with same entitlement value instead of updating the existing entitlement ?
Also, please note that the accounts are getting mapped to the duplicate entitlement but not to the actual entitlement?
01/11/2024 07:45 PM