06/26/2023 10:46 AM
Hello Team,
I am trying to update/manage AD groups using the ARS/Manage AD Groups tile. I successfully updated the entitlement 'description' and 'displayname' attributes and validated the updated values both in the AD endpoint and in Saviynt after reconciliation. Next, I tried to update the 'managedby' attribute, but this update entitlement provisioning task failed with the below error; below is the createupdateJSON used in the AD connection. Could you please let me know where I am going wrong, and suggest whether any JSON changes are required or how we can achieve this 'managedby' attribute update?
And how can we manage the 'name/entitlementvalue' attribute ["name/entitlementvalue":"${role.role_name}"]? If role.role_name is updated and we then run reconciliation, it creates a brand new entitlement, because there will not be any entitlement with that name. Please correct me if that is not correct.
Createupdatemapping:
"objectclass":"group",
"description": "${role.description}",
"displayname":"${role.displayname}",
"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}"
Thanks in advance.....
Thanks
Anitha Mavurapu
06/26/2023 03:41 PM
Below worked in our case:
"cn":"${role?.customproperty27}",
"distinguishedName": "${role.role_name}",
"displayName": "${role?.displayname!='null'?role.displayname:''}",
"description": "${role?.description!='null'?role.description:''}",
"objectClass":"group",
"name":"${role.role_name}",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"sAMAccountName":"${role?.customproperty27}",
"managedBy":"${user?.customproperty21}",
"info":"${user.username}"
In customproperty21 of the user, the complete DN of the manager's AD account is present.
07/06/2023 09:23 AM
Thanks a lot for your response, Devang Gandhi. I am working on testing the manage/update AD group use case using the JSON provided above. I will update the result after testing is done.
07/06/2023 10:01 AM
Sure!!
07/19/2023 07:58 AM
Hi Devang Gandhi,
I worked on the AD GLM - Manage AD group/Entitlement use case with the below JSON; using this JSON I was able to provision the updates in AD successfully.
Createupdatemapping: This JSON is working fine
"objectclass":"group",
"description": "${role.description}",
"displayName":"${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"
But when I updated the above JSON with the cn, distinguishedName, samaccountname and name attribute mappings to achieve the Create entitlement use case and the update/manage use case, the provisioning job is failing. Could you please look into this issue and let me know what is causing it and how we can make it work to create an entitlement/group in AD?
Createupdatemapping: This JSON is not working
"cn": "${role?.Customproperty27}",
"distinguishedName": "${role.role_name}",
"sAMAccountName": "${role?.Customproperty27}",
"name": "${role?.Customproperty27}",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"objectclass": "group",
"description": "${role.description}",
"displayName": "${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"
FYI - I see these details from the AD groupimportedmapping JSON and one of the entitlements imported into Saviynt: cn_char (CP13 - FR_11300), sAMAccountName_char (CP30 - FR_11300), name_char (CP9 - FR_11300), distinguishedName_char (entitlement_value - CN=FR_11300,OU=****************,DC=***,DC=**************,DC=*******).
Thanks
Anitha Mavurapu
08/07/2023 07:50 AM - edited 08/07/2023 08:01 AM
Hi Devang Gandhi,
I worked on the AD GLM - Manage AD group/Entitlement use case with the below JSON; using the CreateUpdateMappings JSON and a groupSearchBaseDN path change I was able to provision update entitlements in AD successfully. Thanks for your response with the above JSON and details.
CreateUpdateMappings:
"objectClass": "group",
"groupType": "${role?.customproperty22.contains('Global') ? '-2147483646' : role?.customproperty22.contains('Domain Local') ? '-2147483644': role?.customproperty22.contains('Universal') ? '8' : ''}",
"cn": "${role?.customproperty26}",
"sAMAccountName": "${role?.customproperty26}",
"name": "${role?.customproperty26}",
"description": "${role.description}",
"displayName": "${role.displayname}",
"managedBy": "${user?.customproperty65}",
"info": "${user.username}"
Thanks
Anitha Mavurapu
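An added example, not code from any poster in this thread or from Saviynt: a small Python check that decodes the groupType values the mappings above emit and confirms managedBy resolves to a complete DN before the values reach AD. The function names, the simplified DN pattern and the sample values are assumptions made for illustration; the flag constants are the ones defined for the Active Directory groupType attribute.

```python
import re

# Scope and security bits of the AD groupType attribute (signed 32-bit in LDAP).
SCOPE_FLAGS = {0x2: "Global", 0x4: "Domain Local", 0x8: "Universal"}
SECURITY_ENABLED = 0x80000000

def decode_group_type(value):
    """Return (scope, kind) for a groupType given as an int or numeric string."""
    bits = int(value) & 0xFFFFFFFF  # view the signed value as raw flag bits
    scopes = [name for flag, name in SCOPE_FLAGS.items() if bits & flag]
    if len(scopes) != 1:
        raise ValueError(f"groupType {value!r} must set exactly one scope flag")
    kind = "Security" if bits & SECURITY_ENABLED else "Distribution"
    return scopes[0], kind

# Simplified DN shape check (assumption: no escaped commas inside RDN values).
DN_RE = re.compile(r"^(?:CN|OU|DC)=[^,]+(?:,(?:CN|OU|DC)=[^,]+)+$", re.IGNORECASE)

def check_resolved_mapping(attrs):
    """Return findings for an already-resolved attribute dict (hypothetical helper)."""
    findings = []
    try:
        scope, kind = decode_group_type(attrs.get("groupType", ""))
        if kind != "Security":
            findings.append(f"groupType {attrs['groupType']} is a {scope} {kind} group")
    except ValueError as exc:
        # Covers the empty string the ternary falls back to when no scope matches.
        findings.append(f"groupType invalid: {exc}")
    managed_by = attrs.get("managedBy") or ""
    if not DN_RE.match(managed_by):
        findings.append(f"managedBy {managed_by!r} is not a complete DN")
    return findings

# Constructed sample values, not taken from the thread.
SAMPLE_BAD = {"groupType": "8", "managedBy": "jdoe"}
SAMPLE_OK = {
    "groupType": "-2147483640",
    "managedBy": "CN=Jane Doe,OU=Users,DC=example,DC=com",
}

if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_OK):
        print(sample["groupType"], check_resolved_mapping(sample) or "ok")
```

With these constants, '-2147483646' and '-2147483644' decode as Global and Domain Local security groups, while '8' decodes as a Universal distribution group; the Universal security value is '-2147483640'.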