
GLM (Group Lifecycle Management) of Active Directory - Manage AD groups Using ARS tile

AnithaMavurapu
New Contributor III

Hello Team,

I am trying to update/manage AD groups using the ARS/Manage AD Groups tile. I successfully updated the entitlement 'description' and 'displayname' attributes and validated the updated values both in the AD endpoint and in Saviynt after reconciliation. Next I tried to update the 'managedby' attribute, but this update entitlement provisioning task failed with the below error, and below is the createupdateJSON used in the AD connection. Could you please let me know where I am going wrong, and suggest whether any JSON changes are required or how we can achieve this 'managedby' attribute update?

And how can we manage the 'name/entitlementvalue' attribute ["name/entitlementvalue":"${role.role_name}"]? If role.role_name is updated and we then do reconciliation, it creates a brand new entitlement because there will not be any entitlement with that name. Please correct me if that is not correct.

Createupdatemapping:

"objectclass":"group",
"description": "${role.description}",
"displayname":"${role.displayname}",
"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}"

 

Thanks in advance.....

Thanks

Anitha Mavurapu


dgandhi
All-Star

Below worked in our case:

"cn":"${role?.customproperty27}",
"distinguishedName": "${role.role_name}",
"displayName": "${role?.displayname!='null'?role.displayname:''}",
"description": "${role?.description!='null'?role.description:''}",
"objectClass":"group",
"name":"${role.role_name}",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"sAMAccountName":"${role?.customproperty27}",
"managedBy":"${user?.customproperty21}",
"info":"${user.username}"

In customproperty21 of the user, the complete DN of the manager's AD account is present.

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

Thanks a lot for your response, Devang Gandhi. I am working on testing the manage/update AD group use case using the JSON provided above. I will update the result after testing is done.

Sure!!

Thanks,
Devang Gandhi

Hi Devang Gandhi,

I worked on the AD GLM - Manage AD group/Entitlement use case with the JSON below; using this JSON I was able to provision the updates in AD successfully.

Createupdatemapping: This JSON is working fine

"objectclass":"group",
"description": "${role.description}",
"displayName":"${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"

 

But when I updated the above JSON with cn, distinguishedName, samaccountname and name attribute mappings to achieve the create entitlement use case and the update/manage use case, the provisioning job is failing. Could you please look into this issue and let me know what is causing it and how we can make it work to create an entitlement/group in AD?

Createupdatemapping: This JSON is not working

"cn": "${role?.Customproperty27}",
"distinguishedName": "${role.role_name}",
"sAMAccountName": "${role?.Customproperty27}",
"name": "${role?.Customproperty27}",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"objectclass": "group",
"description": "${role.description}",
"displayName": "${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"

 

FYI - I see these details in the AD groupimportedmapping JSON and in one of the entitlements imported into Saviynt: cn_char (CP13 - FR_11300), sAMAccountName_char (CP30 - FR_11300), name_char (CP9 - FR_11300), distinguishedName_char (entitlement_value - CN=FR_11300,OU=****************,DC=***,DC=**************,DC=*******).

Thanks

Anitha Mavurapu

 

Hi Devang Gandhi,

I worked on the AD GLM - Manage AD group/Entitlement use case with the JSON below; using the CreateUpdateMappings JSON and a groupSearchBaseDN path change I was able to provision update entitlements in AD successfully. Thanks for your response with the above JSON and details.

CreateUpdateMappings:

"objectClass": "group",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"cn": "${role?.customproperty26}",
"sAMAccountName": "${role?.customproperty26}",
"name": "${role?.customproperty26}",
"description": "${role.description}",
"displayName": "${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"

 

Thanks

Anitha Mavurapu
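
Added example (not part of any post in this thread, and not Saviynt code): a Python check over the attribute values that mappings like the ones above would render, decoding groupType and confirming that managedBy holds a full DN before the task reaches AD. The function names and the sample values are assumptions constructed for illustration; the flag values are the standard Active Directory groupType bits.

```python
import re

# Active Directory groupType bit flags; the attribute is a signed 32-bit integer.
SCOPES = {0x2: "Global", 0x4: "Domain Local", 0x8: "Universal"}
SECURITY_ENABLED = 0x80000000

# Loose structural check for one RDN (attr=value). Not a full RFC 4514 parser.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")


def decode_group_type(value):
    """Return (scope, security_enabled) for a groupType given as str or int."""
    bits = int(value) & 0xFFFFFFFF  # reinterpret the signed value as unsigned
    scopes = [name for flag, name in SCOPES.items() if bits & flag]
    if len(scopes) != 1:
        raise ValueError(f"groupType {value!r} must set exactly one scope bit")
    return scopes[0], bool(bits & SECURITY_ENABLED)


def looks_like_dn(value):
    """True if value is comma-separated RDNs with at least one DC= component."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value or "")]
    return (all(_RDN.match(p) for p in parts)
            and any(p.upper().startswith("DC=") for p in parts))


def check_rendered_group(attrs):
    """Return a list of findings for one rendered set of group attributes."""
    findings = []
    try:
        scope, security = decode_group_type(attrs.get("groupType", ""))
        if not security:
            findings.append(f"groupType {attrs['groupType']} is a {scope} "
                            "distribution group (not security-enabled)")
    except ValueError as exc:
        findings.append(str(exc))
    if not looks_like_dn(attrs.get("managedBy")):
        findings.append("managedBy is not a full distinguished name")
    return findings


# Constructed sample: a 'Universal' group as the mapping above renders it,
# with an owner attribute that holds a login name instead of a DN.
SAMPLE = {"cn": "FR_EXAMPLE", "groupType": "8", "managedBy": "jdoe"}

if __name__ == "__main__":
    for finding in check_rendered_group(SAMPLE):
        print(finding)
```

With the groupType expression used in this thread, 'Global' and 'Domain Local' render security-enabled values, while '8' renders a Universal group without the security-enabled bit; a Universal security group is -2147483640.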