Saviynt Forums

dubeank · ‎10/04/2024

Issue: We are unable to import the AD account attribute into the user attribute when the username and sAMAccountName are different.

Requirement: We want to import attributes like mail and UPN from AD and map them to users.
Currently, we are using AD connector and defined USER_ATTRIBUTE mapping as below:
[username::sAMAccountName#String,
email::mail#String,
CUSTOMPROPERTY13::userPrincipalName#String]
We have also created AD user import job and kept JOB Type: Full Import and Reconciliation Field: empty(which is by default username).

Challanges: This works fine when username and sAMAccountName match(90% users satisfy this condition).
However, we have few cases where username and sAMAccountName are not same and we would like to import email and UPN from different sAMAccountName(AD) and map them to the correct user.

example:
User 1: username: 38012345 have an AD account with sAMAccountName: 38012345 (both are same)
User 2 : username 380abcde have an AD account with sAMAccountName:380abcde (AD account is marked as inactive)
We want to map AD account: 38012345 to user: 380abcde and this works fine with a common attribute in both User and AD called employeeID.
However, this does not work when we try to import AD attribute(mail,UPN) of account 38012345 to user 380abcde with above mentioned USER_ATTRIBUTE mapping in AD connector.
It always end up importing AD account: 380abcde mail,UPN and update user 380abcde.

Could you please provide your expert view as how can we achieve this easily? maybe using SAV2SAV connector or to change the attount_attribute mapping?
Your response will be appriciated.

Thanks

NM · ‎10/04/2024

@dubeank instead os using samaccount name in username use any other field as reconciliation field.

Eg - employeeid

dubeank · ‎10/04/2024

@NM : Thank you so much for your response:
I have tried below already:
USER_ATTRIBUTE:
[email::mail#String,
CUSTOMPROPERTY13::userPrincipalName#String,
CUSTOMPROPERTY15::objectGUID#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY15]

and changed AD_USER_IMPORT job as well:

However, It does not work, it did not import the mail and UPN and tagged to user.

Thanks

NM · ‎10/04/2024

@dubeank add username field as well in the connector.

NM · ‎10/04/2024

@dubeank plus plus ..objectguid is it stored on user profile .. look for a reconciliation which is present on users profile to map.

That is why I mentioned emoloyeeid in previous comment.

dubeank · ‎10/04/2024

@NM : It works with the below mapping:
[username::sAMAccountName#String,
email::mail#String,
CUSTOMPROPERTY13::userPrincipalName#String,
CUSTOMPROPERTY15::objectGUID#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY15]

However, It changes username as well in Saviynt which we don't want.

Thanks

NM · ‎10/04/2024

@dubeank i believe username is sort of mandatory.

What you can try once don't have username use any other field for reconciliation which is already present in user profile.

dubeank · ‎10/04/2024

@NM : I checkd it without username and it did now work

NM · ‎10/04/2024

@dubeank yes then it is required.

rushikeshvartak · ‎10/04/2024

Since this will be one time activity hence update user's property using csv file maually.
Henceforth accounts will be created from saviynt hence username and samaccountname will be same hence it will not cause issue for future users

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

how can we map AD account attribute with user attribute if username and sAMAccountName are different