and more in a single search tool across platforms. Read the announcement here. |
06/26/2023 10:17 AM
Hello Team,
I am trying to create AD groups using ARS/Create AD Groups tile, but Create Entitlement provisioning task is failing with below error.
Error: "Error while Create operation for Entitlment- CN=AD_TEST_GROUP,DC=dev,DC=ABC,DC=org in AD, Exception : Error while GROUP CREATION IN AD"
Below are some more details of this use case.
1. When creating the group/entitlement by the end user they do not know Json mapping in such case they do not update value in customproperty9 which is mapped to "cn", so in that case what could be "cn" mapping attribute from Saviynt role.
2. How can we create the groups in custom path like below "CN=AD_TEST_GROUP,OU=Test,DC=dev,DC=ABC,DC=org" or "CN=AD_TEST_GROUP1,OU=Test1,DC=dev,DC=ABC,DC=org"
3. Please correct if there are any changes required in the below createupdateJSON.
CreateUpdateJson:
"cn": "${role?.customproperty9}",
"objectCategory": "CN=Group,CN=Schema,CN=Configuration,DC=dev,DC=ABC,DC=org",
"distinguishedName": "${role?.role_name}",
"displayName": "${role?.displayname}",
"description": "${role?.description}",
"objectClass": "group",
"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}" }
Could you please help me out with how to achieve "Create AD groups" Using ARS tile use case. Thanks in Advance...
Solved! Go to Solution.
06/30/2023 01:15 AM
Hello @AnithaMavurapu,
Can you please use the below sample and modify it as per your need,
``````````````Sample`````````````````````
"cn":"${role?.customproperty27}",
"distinguishedName": "${role.role_name}",
"displayName": "${role?.displayname!='null'?role.displayname:''}",
"description": "${role?.description!='null'?role.description:''}",
"objectClass":"group",
"name":"${role.role_name}",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"sAMAccountName":"${role?.customproperty27}",
"managedBy":"${user?.customproperty21}",
"info":"${user.username}"
Note:- in customproperty21 of the user, the complete DN of the manager's AD account is present.
Thanks,
07/06/2023 09:24 AM - edited 07/06/2023 09:26 AM
Thanks a lot for your response sudeshjaiswal, working on testing manage/update AD group use case using above provided JSON. Will update the result after testing is done.
08/07/2023 07:57 AM
Hi Sudesh,
Worked on AD GLM - Create AD group/Entitlement use case with below JSON, using CreateUpdateMappings JSON and groupSearchBaseDN path change was able to provision Create Entitlements in AD successfully. Thanks for your response with above JSON and details.
CreateUpdateMappings:
"objectClass": "group",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"cn": "${role?.customproperty26}",
"sAMAccountName": "${role?.customproperty26}",
"name": "${role?.customproperty26}",
"description": "${role.description}",
"displayName": "${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"
Thanks
Anitha Mavurapu