
How to remove AD account attribute value

asp
Regular Contributor

Hi,

I need to remove the manager field value (and potentially other AD account fields) when an AD account is disabled. I have the following in my DISABLEACCOUNTJSON - 

{
"deleteAllGroups": "Yes",
"userAccountControl": "514",
"moveUsertoOU": "OU=my terminations OU......",
"description": "Disabled by EIC",
"manager": "''"
}

But this returns the following error - 

Error while Delete operation for account-xxxxxxx in AD - [LDAP: error code 32 - 00000525: NameErr: DSID-031A120B, problem 2001 (NO_OBJECT), data 0, best match of: '' ] Error while De....

I have also tried setting SUPPORTEMPTYSTRINGS to TRUE and FALSE and see the same error message.

4 REPLIES 4

saipraveengv
New Contributor III

AD will not accept the manager value being null. Check with your AD team on the use case.

asp
Regular Contributor

There is no policy on the AD side. AD does allow the manager field to be cleared out. 

renatogiron
Saviynt Employee

@asp, you are not sending an empty value to AD. You are actually sending two single quotes. AD expects a valid DN for manager and therefore is complaining that it is not able to find the manager account.

You can try sending empty value:  "manager": ""

or, a null value: "manager": null

Please try and let me know how it goes. 

Set 

rushikeshvartak_1-1689552493428.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
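
A pre-flight check for the point made in renatogiron's reply, as an added example that is not part of the thread and not Saviynt code: it parses a DISABLEACCOUNTJSON-style payload and reports whether each DN-syntax attribute would be cleared, set, or rejected as a non-DN literal such as `''`. The `DN_ATTRS` set, the function name and the sample payloads are assumptions constructed for illustration; how the connector itself translates `""` or `null` is not shown on this page.

```python
import json
import re

# Assumption: attributes listed here use AD's DN syntax (manager does, per the reply above).
DN_ATTRS = {"manager"}
# Loose DN shape check, e.g. "CN=Jane Doe,OU=Staff,DC=example,DC=com"; allows "\," escapes.
_RDN = r"[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+"
DN_SHAPE = re.compile(r"^%s(?:,%s)*$" % (_RDN, _RDN))


def lint_dn_attrs(raw_json):
    """Return {attr: (verdict, detail)} for every DN-syntax attribute in the payload."""
    findings = {}
    for attr, value in json.loads(raw_json).items():
        if attr not in DN_ATTRS:
            continue
        if value is None or value == "":
            # LDAP-level meaning of "clear": a replace that carries no values
            # removes the attribute (RFC 4511, section 4.6).
            findings[attr] = ("clear", "no value: replace with an empty value list")
        elif isinstance(value, str) and DN_SHAPE.match(value):
            findings[attr] = ("set", "DN-shaped value %r" % value)
        else:
            # The case from the question: "''" is two quote characters, so the
            # directory tries to resolve it as a DN and finds no such object.
            findings[attr] = ("invalid", "literal %r is not a DN" % (value,))
    return findings


# Constructed samples modelled on the payload in the question (relevant keys only).
AS_POSTED = '{"userAccountControl": "514", "manager": "\'\'"}'
EMPTY = '{"userAccountControl": "514", "manager": ""}'
NULL = '{"userAccountControl": "514", "manager": null}'
REAL_DN = r'{"manager": "CN=Doe\\, Jane,OU=Staff,DC=example,DC=com"}'

if __name__ == "__main__":
    for label, payload in [("as posted", AS_POSTED), ("empty", EMPTY),
                           ("null", NULL), ("real DN", REAL_DN)]:
        print(label, "->", lint_dn_attrs(payload))
```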