This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to pass managerDN from different domain while AD account provisioning

Harish_Yara
New Contributor III
New Contributor III

‎11-25-2022 11:10 PM

Hi Team,

Is there any way to pass managerDN of a user from one domain to other domain while provisioning account to Active Directory.

Example

Consider there are two domains Domain1 - > abc.domain.one and Domain2 -> xyz.domain.two

Manager is present in abc.domain.one and his accountID (User DN)is

"Fname, Lname dc=abc, dc=domain, dc=one"

I am provisioning a user into domain2 xyz.domain.two and mapping manager as "Fname, Lname" (Fname, Lname dc=abc, dc=domain, dc=one) from domain 1 abc.domain.one

In CREATEACCOUNTJSON below syntax is used for manager field as

"manager": "${managerAccount==null?'':managerAccount.accountID}"

After provisioning account is getting created in Active Directory but manager field in AD is empty. But manager has to be mapped in Active Directory.

Please share your thoughts to fix this issue. @rushikeshvartak @uthra_rahul @arjungadgul

Thanks,

Harish

Labels:
0 Kudos
6 REPLIES 6

rushikeshvartak
All-Star
All-Star

‎11-26-2022 10:08 PM

After provisioning account is getting created in Active Directory but manager field in AD is empty. But manager has to be mapped in Active Directory.

can you elaborate


Regards,
Rushikesh Vartak
0 Kudos

Harish_Yara
New Contributor III
New Contributor III
In response to rushikeshvartak

‎11-27-2022 06:35 PM

@rushikeshvartak- I am provisioning a user into domain2 xyz.domain.two and assigned manager who is present in domain one "Fname, Lname" (Fname, Lname dc=abc, dc=domain, dc=one) and i used below syntax to assign manager

"manager": "${managerAccount==null?'':managerAccount.accountID}"

But manager is not getting assigned to the user.

Thanks,

Harish

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Harish_Yara

‎11-27-2022 07:29 PM

Does existing users are assigned similar like this situations ?

are you able to add in AD directly?


Regards,
Rushikesh Vartak
0 Kudos

Harish_Yara
New Contributor III
New Contributor III
In response to rushikeshvartak

‎11-27-2022 08:35 PM

@rushikeshvartak- This is our new use case where manager from one domain needs to assign to the user who is present in another domain.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Harish_Yara

‎11-27-2022 09:51 PM

This is not feasible per AD Restrictions


Regards,
Rushikesh Vartak
0 Kudos

avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Harish_Yara

‎11-28-2022 02:10 AM

The manager attribute is a DN of the user from the same domain. It will not accept a DN from another domain. Can you validate if you can do this natively in AD ?

Regards,
Avinash Chhetri
0 Kudos
Copyright © 2023 Khoros, LLC