
GLM (Group Lifecycle Management) of Active Directory - Create AD groups Using ARS tile

AnithaMavurapu
New Contributor III

Hello Team,

I am trying to create AD groups using the ARS/Create AD Groups tile, but the Create Entitlement provisioning task is failing with the below error.

Error: "Error while Create operation for Entitlment- CN=AD_TEST_GROUP,DC=dev,DC=ABC,DC=org in AD, Exception : Error while GROUP CREATION IN AD"

Below are some more details of this use case.

1. When end users create the group/entitlement, they do not know the JSON mapping, so they do not update the value in customproperty9, which is mapped to "cn". In that case, what could be the "cn" mapping attribute from the Saviynt role?

2. How can we create the groups in a custom path like the below: "CN=AD_TEST_GROUP,OU=Test,DC=dev,DC=ABC,DC=org" or "CN=AD_TEST_GROUP1,OU=Test1,DC=dev,DC=ABC,DC=org"?

3. Please correct me if there are any changes required in the below createupdateJSON.

CreateUpdateJson:

{
"cn": "${role?.customproperty9}",
"objectCategory": "CN=Group,CN=Schema,CN=Configuration,DC=dev,DC=ABC,DC=org",
"distinguishedName": "${role?.role_name}",
"displayName": "${role?.displayname}",
"description": "${role?.description}",
"objectClass": "group",
"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}"
}

Could you please help me with how to achieve the "Create AD groups" using ARS tile use case? Thanks in advance.


sudeshjaiswal
Saviynt Employee

Hello @AnithaMavurapu,

Can you please use the below sample and modify it as per your need:

Sample:
"cn":"${role?.customproperty27}",
"distinguishedName": "${role.role_name}",
"displayName": "${role?.displayname!='null'?role.displayname:''}",
"description": "${role?.description!='null'?role.description:''}",
"objectClass":"group",
"name":"${role.role_name}",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"sAMAccountName":"${role?.customproperty27}",
"managedBy":"${user?.customproperty21}",
"info":"${user.username}"

Note: In customproperty21 of the user, the complete DN of the manager's AD account is present.

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Thanks a lot for your response, sudeshjaiswal. I am working on testing the manage/update AD group use case using the above provided JSON. Will update the result after testing is done.

Hi Sudesh,

I worked on the AD GLM - Create AD group/Entitlement use case with the below JSON. Using the CreateUpdateMappings JSON and a groupSearchBaseDN path change, I was able to provision Create Entitlements in AD successfully. Thanks for your response with the above JSON and details.

CreateUpdateMappings:

"objectClass": "group",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"cn": "${role?.customproperty26}",
"sAMAccountName": "${role?.customproperty26}",
"name": "${role?.customproperty26}",
"description": "${role.description}",
"displayName": "${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"

 

Thanks

Anitha Mavurapu
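
Added example (not part of the thread and not Saviynt code): a Python check that decodes the three `groupType` values used in the mappings above into AD scope and security/distribution kind, using the groupType flag bits from MS-ADTS. The helper names and the sample labels are assumptions made for illustration; `mapped_group_type` only mirrors the ternary shown in the thread.

```python
# Added example: decode the groupType values used in the thread's mappings.
# Bit values are the Active Directory groupType flags defined in MS-ADTS.
SECURITY_ENABLED = 0x80000000
SCOPES = {0x2: "Global", 0x4: "Domain Local", 0x8: "Universal"}


def decode_group_type(value):
    """Return (scope, kind) for a groupType given as AD's signed 32-bit decimal."""
    raw = int(value) & 0xFFFFFFFF              # reinterpret as unsigned bits
    scopes = [name for bit, name in SCOPES.items() if raw & bit]
    if len(scopes) != 1:
        raise ValueError(f"groupType {value!r} must set exactly one scope bit")
    kind = "security" if raw & SECURITY_ENABLED else "distribution"
    return scopes[0], kind


def encode_group_type(scope, security=True):
    """Build the signed decimal string AD expects for a scope and kind."""
    bit = next(b for b, name in SCOPES.items() if name == scope)
    raw = bit | (SECURITY_ENABLED if security else 0)
    return str(raw - (1 << 32) if raw & SECURITY_ENABLED else raw)


def mapped_group_type(customproperty22):
    """Python mirror (hypothetical helper) of the ternary in the thread's mapping."""
    if "Global" in customproperty22:
        return "-2147483646"
    if "Domain Local" in customproperty22:
        return "-2147483644"
    if "Universal" in customproperty22:
        return "8"
    return ""


def audit(labels):
    """Decode what each customproperty22 label would provision; None if unmapped."""
    result = {}
    for label in labels:
        value = mapped_group_type(label)
        result[label] = decode_group_type(value) if value else None
    return result


if __name__ == "__main__":
    # Constructed sample labels, not taken from a real tenant.
    for label, decoded in audit(["Global", "Domain Local", "Universal", "Local"]).items():
        print(f"{label!r:16} -> {decoded}")
    print("Universal security group would be", encode_group_type("Universal"))
```

With this mapping, Global and Domain Local come out as security groups, while `8` decodes to a Universal distribution group, which cannot be used for access control; a security-enabled Universal group is `-2147483640`.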