Saviynt Forums

savuser17 · ‎03/06/2024

Hello team,

Working on a basic AD connector for a UAT account creation. While creation, we get the following message: Checking DN for *DN*.Not FOund DN for *DN*. Task gets completed and account gets created as well as it gets pulled back in recon but messgae persists

Referred to the folllowing forum question: https://forums.saviynt.com/t5/identity-governance/ad-connection-not-found-dn-while-creating-account/... however our AccountiD is already populated with the DN, so that should not be the issue

As result, when disabling it shows : DN does not exists *DN* and the dn does not get moved to new ou

I should also point out that we have implemented similar codes for two other AD connectors, in which the codes are very similar. Attaching the relevant codes for create, disable and accountnamerule.

Pease help out if any advice.

Thanks

sudeshjaiswal · ‎03/08/2024

Hello @savuser17 ,

Could you please confirm if the versions are same where the above attached jsons are working?
Also can you please provide the value of "$ApplicationName" mentioned in the create account json.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

savuser17 · ‎03/11/2024

Hi Sudesh,

Yes, I just now tested a disable account usecase in the current version for another endpoint and it worked. although i should mention that the code for that is a little differently written:

${Map map1 = new HashMap(); if(user.employeeType.equalsIgnoreCase('Freelance') && user.customproperty25.equalsIgnoreCase('L')) map1.put("moveUsertoOU","OU=**********,OU=************,DC=***,DC=***,DC=com");if(task.source.equalsIgnoreCase('ANALYTICS_V2'))map1.put("moveUsertoOU","OU=**********,OU=************,DC=***,DC=***,DC=com");else map1.put("moveUsertoOU","OU=**********,OU=************,DC=***,DC=***,DC=com"); map1.put("deleteAllGroups","No"); map1.put("userAccountControl","514"); map1.put("description",'Terminated by AccessIT on '+ Calendar.getInstance().getTime().format('yyyy-MM-dd HH:mm:ss')); jsonBuilder = new groovy.json.JsonBuilder(map1); return jsonBuilder.toString();}

but the moveusertoou remains similar.

Also, applicationname is a dynamic attribute that can have values such as Active-Directory, WorldSpan, Compleat-Secure, etc.

Thanks

savuser17 · ‎03/14/2024

Hi @sudeshjaiswal, is there anything more to try? any other input?

Thanks

sudeshjaiswal · ‎03/14/2024

Hello @savuser17,

Can you try to hardcode the value and check if it is working.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

savuser17 · ‎03/14/2024

I have tried it with this as well:

{
"moveUsertoOU":"OU=Terminated,OU=Process,DC=TST,DC=GBTE2,DC=com",
"userAccountControl":"66050"
}

which is a relatively simple code and has worked for another ad service account connector. Still does not work. It cannot find the account itself.

rushikeshvartak · ‎03/14/2024

Compare all connection parameters i believe base path have issue

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

Getting DN does not exists error while disabling account