03/06/2024 02:46 AM - edited 03/06/2024 02:46 AM
Hello team,
Working on a basic AD connector for a UAT account creation. During creation, we get the following message: Checking DN for *DN*.Not FOund DN for *DN*. The task gets completed and the account gets created, and it also gets pulled back in recon, but the message persists.
Referred to the following forum question: https://forums.saviynt.com/t5/identity-governance/ad-connection-not-found-dn-while-creating-account/... however our AccountID is already populated with the DN, so that should not be the issue.
As a result, when disabling it shows: DN does not exists *DN* and the DN does not get moved to the new OU.
I should also point out that we have implemented similar codes for two other AD connectors, in which the codes are very similar. Attaching the relevant codes for create, disable and accountnamerule.
Please help out if you have any advice.
Thanks
03/08/2024 04:17 AM
Hello @savuser17 ,
Could you please confirm if the versions are the same where the above attached JSONs are working?
Also, can you please provide the value of "$ApplicationName" mentioned in the create account JSON?
Thanks.
03/11/2024 06:11 AM
Hi Sudesh,
Yes, I just now tested a disable account use case in the current version for another endpoint and it worked, although I should mention that the code for that is written a little differently:
${Map map1 = new HashMap(); if(user.employeeType.equalsIgnoreCase('Freelance') && user.customproperty25.equalsIgnoreCase('L')) map1.put("moveUsertoOU","OU=**********,OU=************,DC=***,DC=***,DC=com");if(task.source.equalsIgnoreCase('ANALYTICS_V2'))map1.put("moveUsertoOU","OU=**********,OU=************,DC=***,DC=***,DC=com");else map1.put("moveUsertoOU","OU=**********,OU=************,DC=***,DC=***,DC=com"); map1.put("deleteAllGroups","No"); map1.put("userAccountControl","514"); map1.put("description",'Terminated by AccessIT on '+ Calendar.getInstance().getTime().format('yyyy-MM-dd HH:mm:ss')); jsonBuilder = new groovy.json.JsonBuilder(map1); return jsonBuilder.toString();}
But the moveUsertoOU remains similar.
Also, applicationname is a dynamic attribute that can have values such as Active-Directory, WorldSpan, Compleat-Secure, etc.
Thanks
03/14/2024 02:39 AM
Hi @sudeshjaiswal, is there anything more to try? Any other input?
Thanks
03/14/2024 02:40 AM
Hello @savuser17,
Can you try to hardcode the value and check if it is working?
Thanks.
03/14/2024 02:48 AM
I have tried it with this as well:
{
"moveUsertoOU":"OU=Terminated,OU=Process,DC=TST,DC=GBTE2,DC=com",
"userAccountControl":"66050"
}
which is a relatively simple code and has worked for another AD service account connector. It still does not work. It cannot find the account itself.
03/14/2024 09:33 PM
Compare all connection parameters. I believe the base path has an issue.
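
One way to carry out the comparison suggested in the last reply, as an added example that is not Saviynt code and not from the thread: check whether the account DN and the moveUsertoOU target fall under the search base configured on each connection. The base values and the account DN below are constructed, and whether the connector scopes its DN lookup to that base is an assumption.

```python
def normalize_rdn(rdn):
    """Lower-case one RDN and trim spaces around the attribute and value."""
    attr, _, value = rdn.partition("=")
    return attr.strip().lower() + "=" + value.strip().lower()

def split_dn(dn):
    """Split a DN into normalized RDNs, keeping backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # escaped pair stays inside the RDN
            i += 2
            continue
        if ch == ",":                    # unescaped comma ends the RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur))
    return [normalize_rdn(r) for r in rdns if r.strip()]

def is_under(dn, base):
    """True if dn equals base or sits below it (empty base never matches)."""
    d, b = split_dn(dn), split_dn(base)
    return bool(b) and len(d) >= len(b) and d[-len(b):] == b

def out_of_scope(bases, dns):
    """Return the named DNs that are not under any configured base."""
    return {name: dn for name, dn in dns.items()
            if not any(is_under(dn, b) for b in bases)}

# Constructed sample values; replace with the real connection parameters.
BASES = ["ou=process, dc=tst, dc=gbte2, dc=com"]          # assumed search base
DNS = {
    # assumed account DN, with an escaped comma in the CN
    "account": r"CN=Doe\, Jane,OU=Users,OU=UAT,DC=TST,DC=GBTE2,DC=com",
    # moveUsertoOU value quoted in the thread
    "moveUsertoOU": "OU=Terminated,OU=Process,DC=TST,DC=GBTE2,DC=com",
}

if __name__ == "__main__":
    for name, dn in out_of_scope(BASES, DNS).items():
        print(f"{name} is outside every configured base: {dn}")
```

Running the same check with the base values from a connection where disable works and from the failing one shows whether the two connections differ in scope.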