Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Getting Error: OBJ_CLASS_VIOLATION while setting the owner for service account in AD

Ajit
New Contributor III
New Contributor III

‎10/22/2024 04:36 AM

Hi Team,

We have a requirement to set the owner for 'service accounts' while creating. We have stored the DN value of account in a user customproperty.

Below is the create account JSON:

{
"sAMAccountName": "${task.accountName}",
"displayName": "${'Service Account - ' + displayName}",
"givenName": "${task.accountName}",
"sn": "${task.accountName}",
"objectclass": ["top", "person", "organizationalPerson", "user"],
"userPrincipalName": "${task.accountName + '@XYZ.gov.au'}",
"description": "${description}",
"userAccountControl": "65536",
"owner":"${user.custompropertyX}"
}

 

But, its giving the below error in logs:

Ajit_0-1729596783717.png

 

Could you please help what is the issue here?

 

 

Thanks,

0 Kudos
8 REPLIES 8

rushikeshvartak
All-Star
All-Star

‎10/22/2024 06:19 AM

Does owner attribute exists in target?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Ajit
New Contributor III
New Contributor III
In response to rushikeshvartak

‎10/22/2024 06:31 AM

@rushikeshvartak Thank you for the response.

Yes, owner attribute exists. We are able to see the owner attribute using softerra browser in AD.

Thanks,

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Ajit

‎10/22/2024 06:33 AM

Are you able to create user outside saviynt using tool mentioned ? If yes share sample user metadata 

⚠️ Reminder: Mask possible PII such as employee names, email addresses, phone numbers, IP addresses, account details, company-specific URLs, and client names before sharing.⚠️


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Ajit
New Contributor III
New Contributor III
In response to rushikeshvartak

‎10/22/2024 06:40 AM

@rushikeshvartak Sorry didn't get this. Create user outside Saviynt means?

We are able to create the service account in AD through Saviynt. If we are removing the owner mapping from create account JSON.

Thanks,

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Ajit

‎10/22/2024 08:06 AM

Please share sample user metadata


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Ajit
New Contributor III
New Contributor III

‎10/22/2024 10:14 PM - edited ‎10/22/2024 10:15 PM

@rushikeshvartak  PFB:

Ajit_0-1729660422599.png

Thanks,

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Ajit

‎10/22/2024 10:22 PM

Share any existing user with owner field


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Ajit
New Contributor III
New Contributor III
In response to rushikeshvartak

‎10/22/2024 11:47 PM

@rushikeshvartak  For user account creation we are setting the manager field not the owner field:

Ajit_0-1729665904830.png

For service account creation requirement is to set the owner attribute.

Thanks,

0 Kudos
Copyright © 2024 Khoros, LLC