
Issue with Account Suspension Status in Saviynt Endpoint using REST Connector

kelp984
New Contributor III

Hello,

We've encountered an issue regarding the account status within our Saviynt endpoint, and we're seeking some insights or guidance on resolving it.

We're utilizing a REST connector to interface with an on-premises Active Directory Exchange Server. Our integration involves invoking PowerShell scripts. We're employing ImportAccountEntJSON to reconcile user account statuses from the target system. 

This process has been working in these areas:

  1. Users who should be active in the target system are successfully synced into Saviynt.
  2. Users who were previously manually provisioned are automatically switched to an active status upon sync.

However, we've hit a roadblock when it comes to handling accounts that are not found on the target system. According to our expectations, these accounts should be automatically switched to a SUSPENDED status in Saviynt. However, upon checking the accounts tab in the endpoint within Saviynt, we're not seeing any accounts listed as suspended.

We've double-checked our configurations and mappings, but we're still unable to determine why the suspended status isn't reflecting accurately in Saviynt.

 

ImportAccountEntJSON

{
  "accountParams": {
    "connection": "********",
    "processingType": "SequentialAndIterative",
    "call": {
      "call1": {
        "callOrder": 0,
        "stageNumber": 0,
        "http": {
          "url": "********",
          "httpParams": "{\"Script\":\"\\$username = '********'; \\$password = '${connection.PS_Password}' | ConvertTo-SecureString -AsPlainText -Force; \\$mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ('********', \\$password); \\$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri '********' -Credential \\$mycred -Authentication kerberos; Import-PSSession \\$Session -DisableNameChecking -AllowClobber; Get-RemoteMailbox -IgnoreDefaultScope -ResultSize Unlimited | Select Name,SamAccountName,UserPrincipalName,AddressListMembership,Alias,DisplayName,PrimarySmtpAddress,Identity,Guid,RecipientType,RecipientTypeDetails,RemoteRecipientType\"}",
          "httpHeaders": {
            "Authorization": "${access_token}"
          },
          "httpMethod": "POST"
        },
        "statusAndThresholdConfig": {
          "statusColumn": "customproperty9",
          "activeStatus": [
            "ProvisionMailbox"
          ],
          "deleteLinks": true,
          "accountThresholdValue": 400,
          "correlateInactiveAccounts": true,
          "inactivateAccountsNotInFile": true
        },
        "keyField": "accountID",
        "colsToPropsMap": {
          "name": "Name~#~char",
          "accountID": "SamAccountName~#~char",
          "displayname": "DisplayName~#~char",
          "customproperty1": "UserPrincipalName~#~char",
          "customproperty2": "PrimarySmtpAddress~#~char",
          "customproperty3": "Alias~#~char",
          "customproperty4": "RecipientType~#~char",
          "customproperty5": "RecipientTypeDetails~#~char",
          "customproperty6": "Identity~#~char",
          "customproperty7": "Guid~#~char",
          "customproperty8": "AddressListMembership~#~char",
          "customproperty9": "RemoteRecipientType~#~char"
        }
      }
    }
  }
}

Sample PowerShell response for one user (running the PS script on the server):

RemoteRecipientType : ProvisionMailbox
Name : Hire60 Saviynt60
SamAccountName : hirsavi2
UserPrincipalName : hirsavi2@********.com
AddressListMembership : {\All Recipients(VLV), \Default Global Address List, \All Users}
Alias : hirsavi2
DisplayName : Hire60 Saviynt60
PrimarySmtpAddress : hirsavi2@********.com
Identity : ********.com/********/********/Hire60 Saviynt60
Guid : 5f2d60f1-991c-4ca8-9f96-945ce0ee50be
RecipientType : MailUser
RecipientTypeDetails : RemoteUserMailbox

8 REPLIES

rushikeshvartak
All-Star

Is the status threshold config added?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Yes, see this part in the code:

"statusAndThresholdConfig": {
"statusColumn": "customproperty9",
"activeStatus": [
"ProvisionMailbox"
]...

For an account that does not exist in the target anymore, the response from the target will not contain that user's account info. If this user account is not found, it should show as SUSPENDED. It is not working as of now.

Do the accounts have customproperty9?


Regards,
Rushikesh Vartak

Yes, for a sample account I just created using the below test flow:

Create mailbox account from ARS -> Account status turns to ‘Manually Provisioned’ -> Perform Import -> Account status turns to ‘Active’ ->  Delete account from target -> Perform import -> Account status stays as ‘Active’

This user has customproperty9 populated in the account from when the user was active on target. Now that it is gone from target, it will not be found in the system at all.

CR
Regular Contributor III

https://docs.saviyntcloud.com/bundle/Box-v24x/page/Content/Understanding-Parameters-for-Performing-R...

"inactivateAccountsNotInFile":false

It should be false. If you pass true, it changes active to inactive; if you want suspend, you need to give false.


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

kelp984
New Contributor III

Hi there,

I tried this, it's probably helping, but it's still not working yet.

kelp984
New Contributor III

Does anyone know how Saviynt is interpreting the data when running an import? Does it take the list of users from the PowerShell response and correlate them with the respective accounts on Saviynt? Or does it search the existing accounts in Saviynt on the PowerShell response, and if the account is not found, suspend it?

Ideally it takes all accounts from the import, and if any account does not come from the import, it is considered as SFIS.


Regards,
Rushikesh Vartak
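An added example, not part of the thread and not Saviynt's code: a Python check that compares the rows the import call returns with the accounts shown on the endpoint, using the keyField, statusColumn and activeStatus values from the posted JSON. It makes no assumption about how Saviynt processes the import; the sample rows, the account export format and the bucket names are constructed for illustration.

```python
import json

# Values taken from the ImportAccountEntJSON posted in the question.
KEY_COLUMN = "SamAccountName"          # colsToPropsMap source of accountID (keyField)
STATUS_COLUMN = "RemoteRecipientType"  # colsToPropsMap source of customproperty9 (statusColumn)
ACTIVE_STATUS = {"ProvisionMailbox"}   # activeStatus

# Constructed sample: rows returned by the import call after hirsavi3 was deleted on the target.
TARGET_JSON = """[
  {"SamAccountName": "hirsavi2", "RemoteRecipientType": "ProvisionMailbox"},
  {"SamAccountName": "HIRSAVI4", "RemoteRecipientType": "Migrated"},
  {"SamAccountName": "hirsavi6", "RemoteRecipientType": "ProvisionMailbox"}
]"""

# Constructed sample: accounts as listed on the endpoint's accounts tab (hypothetical export).
SAVIYNT_ACCOUNTS = [
    {"name": "hirsavi2", "status": "Active"},
    {"name": "hirsavi3", "status": "Active"},
    {"name": "hirsavi4", "status": "Active"},
    {"name": "hirsavi5", "status": "Manually Provisioned"},
]

def audit(target_rows, saviynt_accounts):
    """Compare endpoint accounts with the target response, keyed on the keyField column."""
    # AD treats SamAccountName case-insensitively, so compare case-folded keys.
    target = {r[KEY_COLUMN].casefold(): r for r in target_rows if r.get(KEY_COLUMN)}
    report = {"stale_active": [], "status_mismatch": [], "missing_other": []}
    seen = set()
    for acct in saviynt_accounts:
        key = acct["name"].casefold()
        seen.add(key)
        row = target.get(key)
        if row is None:
            # Not returned by the target: Active here means the import left it untouched.
            bucket = "stale_active" if acct["status"] == "Active" else "missing_other"
            report[bucket].append(acct["name"])
        elif acct["status"] == "Active" and row.get(STATUS_COLUMN) not in ACTIVE_STATUS:
            # Returned, but its status column value is not listed in activeStatus.
            report["status_mismatch"].append(acct["name"])
    report["not_in_saviynt"] = sorted(set(target) - seen)
    return report

def run_sample():
    return audit(json.loads(TARGET_JSON), SAVIYNT_ACCOUNTS)

if __name__ == "__main__":
    for bucket, names in run_sample().items():
        print(f"{bucket}: {names}")
```

Accounts in `stale_active` are the ones the test flow in the thread expects to leave Active after the import; running the check before and after an import shows whether that list shrinks.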