Saviynt Forums

Ajaykoppula · ‎04/14/2024

Hi everyone,

We're currently working on integrating Active Directory using the ADSI connector, and we have a requirement to populate extensionAttributes in AD. However, we've encountered an issue where the AD account is being created but fails to populate the extensionAttribute.

Here's the JSON we're using:

{
"objects": [
{
"objectClasses": [
"user",
"top",
"Person",
"OrganizationalPerson"
],
"attributes": {
"cn": "${user?.displayname.replace(',', '\\\\,')?.replace('/','\\/')}",
"displayName": "${user?.displayname.replace(',', '\\\\,')?.replace('/','\\/')}",
"sAMAccountName": "${user?.customproperty2}",
"extensionAttribute3": "${user?.username}",
"initials": "${if (user?.middlename == null || user?.middlename == '') {''} else {user?.middlename}}",
"givenName": "${if (user?.preferedFirstName == null || user?.preferedFirstName == '' ) {user?.firstname} else {user?.preferedFirstName}}",
"sn": "${if (user?.customproperty1 == null || user?.customproperty1 == '' ) {user.lastname} else {user?.customproperty1}}"
}
}
]
}

we're encountering the following error:
status:Success, message:Improper/Malformed data is passed to some attribute(s). | Processing additional object classes failed. | Please check the data sent to extensionAttribute3., messageCodes:OBJ_ERR_MSG_00013 | OBJ_ERR_MSG_00014 | OBJ_INFO_MSG_00005, errorDetails:OBJ_ERR_MSG_00013 : -2147016651 : The server is unwilling to process the request. : 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0

Could someone please help us identify what might be causing this issue? We'd greatly appreciate any insights or suggestions.

Thank you!

Manu269 · ‎04/14/2024

@Ajaykoppula Can you try this please :

"${user.username}",

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

Ajaykoppula · ‎04/14/2024

Hi Manish,
I have tried it, still it gives me the same error..

status:Success, message:Improper/Malformed data is passed to some attribute(s). | Processing additional object classes failed. | Please check the data sent to extensionAttribute3., messageCodes:OBJ_ERR_MSG_00013 | OBJ_ERR_MSG_00014 | OBJ_INFO_MSG_00005, errorDetails:OBJ_ERR_MSG_00013 : -2147016651 : The server is unwilling to process the request. : 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0

Raghu · ‎04/14/2024

add null check and try it

"attributes": {
"cn": "${user.displayname.replace(',', '\\\\,')?.replace('/','\\/')}",
"displayName": "${user.displayname.replace(',', '\\\\,')?.replace('/','\\/')}",
"sAMAccountName": "${user.customproperty2 != null ? user.customproperty2 : 'null'}",
"extensionAttribute3": "${user.username != null ? user.username : 'null'}",
"initials": "${if (user.middlename == null || user.middlename == '') {''} else {user.middlename}}",
"givenName": "${if (user.preferedFirstName == null || user.preferedFirstName == '' ) {user.firstname} else {user.preferedFirstName}}",
"sn": "${if (user.customproperty1 == null || user.customproperty1 == '' ) {user.lastname} else {user.customproperty1}}"
}

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

shaligramc · ‎04/14/2024

Hi Ajay,

The error indicates that the target system (AD in this case) is not accepting the value sent in extensionAttribute3. Please verify on AD end, if there is any restriction (special chars, length of the data, etc) on the data/value it can take. You can see sample values of this attribute on AD side as well for existing accounts and compare with what is being sent.

Thanks,

Shaligram Choudhary

Ajaykoppula · ‎04/14/2024

Hi Shaligram Choudhary,

I tried to pass "x10000008" this from AD itself then it is allowed, but when i'm trying to pass "x10000007" from Saviynt it is giving me the issue...

Thanks,
Ajay

vivek9237 · ‎04/15/2024

@Ajaykoppula Can you hardcode the value of extensionAttribute3 and try?

{
  "objects": [
    {
      "objectClasses": [
        "user",
        "top",
        "Person",
        "OrganizationalPerson"
      ],
      "attributes": {
        "cn": "${user?.displayname.replace(',', '\\\\,')?.replace('/','\\/')}",
        "displayName": "${user?.displayname.replace(',', '\\\\,')?.replace('/','\\/')}",
        "sAMAccountName": "${user?.customproperty2}",
        "extensionAttribute3": "x10000007",
        "initials": "${if (user?.middlename == null || user?.middlename == '') {''} else {user?.middlename}}",
        "givenName": "${if (user?.preferedFirstName == null || user?.preferedFirstName == '' ) {user?.firstname} else {user?.preferedFirstName}}",
        "sn": "${if (user?.customproperty1 == null || user?.customproperty1 == '' ) {user.lastname} else {user?.customproperty1}}"
      }
    }
  ]
}

Regards,

Vivek Mohanty

If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Ajaykoppula · ‎04/15/2024

Hi Vivek

Have tried by passing the value hardcoded, still it's the same error.
Thanks,
Ajay

rushikeshvartak · ‎04/15/2024

Are you able to import extensionAttribute3

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

Issue with ADSI Connector: extensionAttribute3 Population Failure in Active Directory