Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

How to write ENABLEACCOUNTJSON code for AD which calculates the account attributes using logic

poonammhetre
New Contributor II
New Contributor II

Hi,

We have requirement to populate extensionAttribute1 which involves some logic. Below is the code to polulate extensionAttribute15 in ENABLEACCOUNTJSON. Can you pleas provide guidence on how to do that. With below code it is giving SAV-Error while enabling account,Error parsing JSON ERROR

 

 

{
"AFTERMOVEACTIONS": {
"userAccountControl": "512",
"extensionAttribute8":"Inactive",
"extensionAttribute10":"${user.customproperty11}",
"extensionAttribute13":"${user.customproperty15}",
"extensionAttribute14":"${user.orgunitid}",
"extensionAttribute15":"${def res= '';String[] str; str = user.customproperty12.split(',');
for( String values : str )
res =res + values.substring(values.length()-2,values.length()) + ',';
res.substring(0,res.length()-1);
}",
"extensionAttribute3":"${user.customproperty9}",
"extensionAttribute4":"${user.customproperty10}",
"extensionAttribute5":"${user.startdate.format('yyyy-MM-dd')}",
"extensionAttribute6":"${user.termDate.format('yyyy-MM-dd')}",
"extensionAttribute9":"${user.customproperty13}"
}
}

Can you please provide any pointers.?

 

Thanks,

Poonam

10 REPLIES 10

Amit_Malik
Valued Contributor II
Valued Contributor II

Hi @poonammhetre ,

are those lines in JSON by mistake added while copying here or same is used in your JSON. Try removing extra lines. See below.

{
"AFTERMOVEACTIONS": {
"userAccountControl": "512",
"extensionAttribute8": "Inactive",
"extensionAttribute10": "${user.customproperty11}",
"extensionAttribute13": "${user.customproperty15}",
"extensionAttribute14": "${user.orgunitid}",
"extensionAttribute15": "${def res= '';String[] str; str = user.customproperty12.split(','); for( String values : str ) res =res + values.substring(values.length()-2,values.length()) + ',';res.substring(0,res.length()-1);}",
"extensionAttribute3": "${user.customproperty9}",
"extensionAttribute4": "${user.customproperty10}",
"extensionAttribute5": "${user.startdate.format('yyyy-MM-dd')}",
"extensionAttribute6": "${user.termDate.format('yyyy-MM-dd')}",
"extensionAttribute9": "${user.customproperty13}"
}
}

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

poonammhetre
New Contributor II
New Contributor II

@Amit_Malik  Now it is giving below error.

Checking DN for CN=${user.employeeid},OU=Staff Deprovisioning,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au. Checking DN for CN=${user.employeeid},OU=Disabled Accounts,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au. SAV-Error while enabling account,No account found using disable rules

EnableAccountJSON code is as below.

{
"MOVEDN": "YES",
"REMOVEGROUPS": "NO",
"DISABLEACCOUNTCHECKRULE":[ "CN=${user.employeeid},OU=Staff Deprovisioning,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au",
"CN=${user.employeeid},OU=Disabled Accounts,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au"],
"ENABLEACCOUNTOU": "OU=Staff,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au",
"AFTERMOVEACTIONS": {
"userAccountControl": "512",
"extensionAttribute8":"Inactive",
"extensionAttribute10":"${user.customproperty11}",
"extensionAttribute13":"${user.customproperty15}",
"extensionAttribute14":"${user.orgunitid}",
"extensionAttribute15":"${def res= '';String[] str; str = user.customproperty12.split(','); for( String values : str ) res =res + values.substring(values.length()-2,values.length()) + ',';res.substring(0,res.length()-1);}",
"extensionAttribute3":"${user.customproperty9}",
"extensionAttribute4":"${user.customproperty10}",
"extensionAttribute5":"${user.startdate.format('yyyy-MM-dd')}",
"extensionAttribute6":"${user.termDate.format('yyyy-MM-dd')}",
"extensionAttribute9":"${user.customproperty13}"
}
}

 

I have verified that account is already present under disabled accounts OU.  Users employeeid is also populated correctly.

 

 

NM
Honored Contributor II
Honored Contributor II

@poonammhetre , disable account check rule does it have the right OU disabled one??

poonammhetre
New Contributor II
New Contributor II

@NM @Amit_Malik   same code is working fine when I remove extensionAttribute15 mapping.

{
"MOVEDN": "YES",
"REMOVEGROUPS": "NO",
"DISABLEACCOUNTCHECKRULE":[ "CN=${user.employeeid},OU=Staff Deprovisioning,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au",
"CN=${user.employeeid},OU=Disabled Accounts,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au"],
"ENABLEACCOUNTOU": "OU=Staff,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au",
"AFTERMOVEACTIONS": {
"userAccountControl": "512",
"extensionAttribute8":"Inactive",
"extensionAttribute10":"${user.customproperty11}"
"extensionAttribute13":"${user.customproperty15}",
"extensionAttribute14":"${user.orgunitid}",
"extensionAttribute3":"${user.customproperty9}",
"extensionAttribute4":"${user.customproperty10}",
"extensionAttribute5":"${user.startdate.format('yyyy-MM-dd')}",
"extensionAttribute6":"${user.termDate.format('yyyy-MM-dd')}",
"extensionAttribute9":"${user.customproperty13}"
}
}

It looks like something is wrong with extensionAttribute15 logic is wrong.

Amit_Malik
Valued Contributor II
Valued Contributor II

try adding return res

${def res= '';String[] str; str = user.customproperty12.split(','); for( String values : str ) res =res + values.substring(values.length()-2,values.length()) + ',';res.substring(0,res.length()-1);return res;}

 

${def res= 'abc'; return res;} , just to check if it will work in enable account JSON.

It can work using JSON builder

search jsonbuider - https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Provisioni...

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

Spoiler
{
  "AFTERMOVEACTIONS": {
    "userAccountControl": "512",
    "extensionAttribute8": "Inactive",
    "extensionAttribute10": "${user.customproperty11}",
    "extensionAttribute13": "${user.customproperty15}",
    "extensionAttribute14": "${user.orgunitid}",
    "extensionAttribute15": "${String res = \"\"; String[] str = user.customproperty12.split(\",\"); for (String values : str) { res += values.substring(values.length() - 2) + \",\"; } res.substring(0, res.length() - 1);}",
    "extensionAttribute3": "${user.customproperty9}",
    "extensionAttribute4": "${user.customproperty10}",
    "extensionAttribute5": "${user.startdate.format('yyyy-MM-dd')}",
    "extensionAttribute6": "${user.termDate.format('yyyy-MM-dd')}",
    "extensionAttribute9": "${user.customproperty13}"
  }
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@rushikeshvartak  This code is not working. getting below error.

SAV-Error while enabling account,Failed to parse template script (your template may contain an error or be trying to use expressions not currently supported): startup failed: SimpleTemplateScript10385.groovy: 3: unexpected char: '\' @ line 3, column 92. tribute15\": \"${String res = \"\"; Stri ^ 1 error

{
  "AFTERMOVEACTIONS": {
    "userAccountControl": "512",
    "extensionAttribute8": "Inactive",
    "extensionAttribute10": "${user.customproperty11}",
    "extensionAttribute13": "${user.customproperty15}",
    "extensionAttribute14": "${user.orgunitid}",
    "extensionAttribute15": "${def res = ''; def str = user.customproperty12.split(','); str.each { res += it.substring(it.length() - 2) + ',' }; res.substring(0, res.length() - 1)}",
    "extensionAttribute3": "${user.customproperty9}",
    "extensionAttribute4": "${user.customproperty10}",
    "extensionAttribute5": "${user.startdate.format('yyyy-MM-dd')}",
    "extensionAttribute6": "${user.termDate.format('yyyy-MM-dd')}",
    "extensionAttribute9": "${user.customproperty13}"
  }
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

poonammhetre
New Contributor II
New Contributor II

@rushikeshvartak @Amit_Malik @NM 

When I used below code, enable account tasks completed successfully. But when I checked the value of extensionAttribute15 , it shows SimpleTemplateScript10477$_run_closure1@347ce005

{"MOVEDN": "YES","REMOVEGROUPS": "NO","DISABLEACCOUNTCHECKRULE":[ "CN=${user.employeeid},OU=Staff Deprovisioning,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au","CN=${user.employeeid},OU=Disabled Accounts,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au"], "ENABLEACCOUNTOU": "OU=Staff,OU=People,DC=uniwadev,DC=uwa,DC=edu,DC=au",
"AFTERMOVEACTIONS": {"userAccountControl": "512","extensionAttribute8":"Inactive","extensionAttribute10":"${user.customproperty11}","extensionAttribute13": "${user.customproperty15}",
"extensionAttribute14": "${user.orgunitid}","extensionAttribute15": "${def res = ''; String[] str = user.customproperty12.split(','); for (String values : str)res = res + values.substring(values.length() - 2) + ','; def finalStr = res.substring(0, res.length() - 1); return finalStr;}"}}

 

Do you have any pointers on this ?

Amit_Malik
Valued Contributor II
Valued Contributor II

@poonammhetre , can you do it one by one.

"extensionAttribute15": "${def res = ''; res='abc' ; return res ;}"

"extensionAttribute15": "${def res = ''; String[] str = user.customproperty12.split(','),res=str[0] ; return res ;}"

so on.. Or have you done it already ? 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".