Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/04/2024 04:03 AM
Issue: We are unable to import the AD account attribute into the user attribute when the username and sAMAccountName are different.
Requirement: We want to import attributes like mail and UPN from AD and map them to users.
Currently, we are using AD connector and defined USER_ATTRIBUTE mapping as below:
[username::sAMAccountName#String,
email::mail#String,
CUSTOMPROPERTY13::userPrincipalName#String]
We have also created AD user import job and kept JOB Type: Full Import and Reconciliation Field: empty(which is by default username).
Challanges: This works fine when username and sAMAccountName match(90% users satisfy this condition).
However, we have few cases where username and sAMAccountName are not same and we would like to import email and UPN from different sAMAccountName(AD) and map them to the correct user.
example:
User 1: username: 38012345 have an AD account with sAMAccountName: 38012345 (both are same)
User 2 : username 380abcde have an AD account with sAMAccountName:380abcde (AD account is marked as inactive)
We want to map AD account: 38012345 to user: 380abcde and this works fine with a common attribute in both User and AD called employeeID.
However, this does not work when we try to import AD attribute(mail,UPN) of account 38012345 to user 380abcde with above mentioned USER_ATTRIBUTE mapping in AD connector.
It always end up importing AD account: 380abcde mail,UPN and update user 380abcde.
Could you please provide your expert view as how can we achieve this easily? maybe using SAV2SAV connector or to change the attount_attribute mapping?
Your response will be appriciated.
Thanks
10/04/2024 06:31 AM - edited 10/04/2024 06:31 AM
@dubeank instead os using samaccount name in username use any other field as reconciliation field.
Eg - employeeid
10/04/2024 06:56 AM
@NM : Thank you so much for your response:
I have tried below already:
USER_ATTRIBUTE:
[email::mail#String,
CUSTOMPROPERTY13::userPrincipalName#String,
CUSTOMPROPERTY15::objectGUID#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY15]
and changed AD_USER_IMPORT job as well:
However, It does not work, it did not import the mail and UPN and tagged to user.
Thanks
10/04/2024 07:09 AM
@dubeank add username field as well in the connector.
10/04/2024 07:10 AM
@dubeank plus plus ..objectguid is it stored on user profile .. look for a reconciliation which is present on users profile to map.
That is why I mentioned emoloyeeid in previous comment.
10/04/2024 07:14 AM
@NM : It works with the below mapping:
[username::sAMAccountName#String,
email::mail#String,
CUSTOMPROPERTY13::userPrincipalName#String,
CUSTOMPROPERTY15::objectGUID#Binary,
RECONCILATION_FIELD::CUSTOMPROPERTY15]
However, It changes username as well in Saviynt which we don't want.
Thanks
10/04/2024 07:43 AM
@dubeank i believe username is sort of mandatory.
What you can try once don't have username use any other field for reconciliation which is already present in user profile.
10/04/2024 07:57 AM
@NM : I checkd it without username and it did now work
10/04/2024 08:38 AM
@dubeank yes then it is required.
10/04/2024 08:37 AM