Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/22/2024 04:36 AM
Hi Team,
We have a requirement to set the owner for 'service accounts' while creating. We have stored the DN value of account in a user customproperty.
Below is the create account JSON:
{
"sAMAccountName": "${task.accountName}",
"displayName": "${'Service Account - ' + displayName}",
"givenName": "${task.accountName}",
"sn": "${task.accountName}",
"objectclass": ["top", "person", "organizationalPerson", "user"],
"userPrincipalName": "${task.accountName + '@XYZ.gov.au'}",
"description": "${description}",
"userAccountControl": "65536",
"owner":"${user.custompropertyX}"
}
But, its giving the below error in logs:
Could you please help what is the issue here?
Thanks,
10/22/2024 06:19 AM
Does owner attribute exists in target?
10/22/2024 06:31 AM
@rushikeshvartak Thank you for the response.
Yes, owner attribute exists. We are able to see the owner attribute using softerra browser in AD.
Thanks,
10/22/2024 06:33 AM
Are you able to create user outside saviynt using tool mentioned ? If yes share sample user metadata
⚠️ Reminder: Mask possible PII such as employee names, email addresses, phone numbers, IP addresses, account details, company-specific URLs, and client names before sharing.⚠️
10/22/2024 06:40 AM
@rushikeshvartak Sorry didn't get this. Create user outside Saviynt means?
We are able to create the service account in AD through Saviynt. If we are removing the owner mapping from create account JSON.
Thanks,
10/22/2024 08:06 AM
Please share sample user metadata
10/22/2024 10:14 PM - edited 10/22/2024 10:15 PM
10/22/2024 10:22 PM
Share any existing user with owner field
10/22/2024 11:47 PM
@rushikeshvartak For user account creation we are setting the manager field not the owner field:
For service account creation requirement is to set the owner attribute.
Thanks,