Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Issue with REMOVEACCOUNTACTION for Service Accounts Endpoint

tuhink
Regular Contributor
Regular Contributor

This is for AD Service Accounts . We have a condition for REMOVEACCOUNTACTION where it will check if the validthrough (there is one dynamic attribute Validity which is storing the value in validthrough)  date is within last 90 days from todays date, it will disable the account & move to disable ou. But if the validthrough date is not within last 90 days, it will delete the account. 

I am using the below format, but everytime its executing the if condition i.e. deleting the account, its not going to the else condition even when the validthrough is set as future date.

${
Map map1 = new HashMap();
Date curDate = new Date();
Date prevDate = curDate -90;
 
if(Date.parse("dd-MM-yyyy", Validity) < prevDate.format("dd-MM-yyyy"))
{
map1.put('removeAction','DELETE');
}
else
{
map1.put('removeAction','SUSPEND');
map1.put('userAccountControl','514');
map1.put('moveUsertoOU','<disabled ou>');
map1.put('deleteAllGroups','Yes');   
}
jsonBuilder = new groovy.json.JsonBuilder(map1);
return jsonBuilder.toString();
}

Assuming that the issue is with date, I have tried to check with mutiple format. But everytime its following the IF condition.

 

Date curDate = new Date();
Date prevDate = curDate -90;
if(Date.parse("dd-MM-yyyy", Validity) < prevDate.format("dd-MM-yyyy"))
----------------------------------------------------------------------------------------------------
if((Date.parse('dd-MMM-yyyy',account.VALIDTHROUGH).getTime()) <(Calendar.getInstance().getTimeInMillis()-(90*86400000)))
----------------------------------------------------------------------------------------------------
java.time.LocalDate.parse(account.validthrough).isBefore(java.time.LocalDate.now().minusDays(90))
----------------------------------------------------------------------------------------------------
Date curDate = new Date();
Date prevDate = curDate -90;
Date.parse("dd-MM-yyyy", account.validthrough) < prevDate.format("dd-MM-yyyy")
----------------------------------------------------------------------------------------------------
Calendar todayDate = Calendar.getInstance();
todayDate.setTime(new Date());
todayDate.add(Calendar.DAY_OF_YEAR, -89);
Date prevDate = todayDate.getTime();
if(account.VALIDTHROUGH < prevDate )
----------------------------------------------------------------------------------------------------
account.VALIDTHROUGH< (currentdate.minus(365))
 
 
***If I put some other kind of check in if condition like if the account status is disabled along with the 90 days condition, its going to the else block***
***Remove Account task is getting completed & I dont see any relevant logs/output/errors in logs also***
5 REPLIES 5

rushikeshvartak
All-Star
All-Star

Map map1 = new HashMap();
Date curDate = new Date();
Date prevDate = curDate - 90;

Date validthroughDate = Date.parse("dd-MM-yyyy", Validity);

if (validthroughDate < prevDate) {
map1.put('removeAction','DELETE');
} else {
map1.put('removeAction','SUSPEND');
map1.put('userAccountControl','514');
map1.put('moveUsertoOU','<disabled ou>');
map1.put('deleteAllGroups','Yes');
}

jsonBuilder = new groovy.json.JsonBuilder(map1);
return jsonBuilder.toString();


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi @rushikeshvartak thank you for your quick response. Its not working, still the account is getting deleted. Is there a way to print/log these date type variables ?

Breaking json 😂


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

tuhink
Regular Contributor
Regular Contributor

anyone who can help/guide on this?

tuhink
Regular Contributor
Regular Contributor

For future reference, below one worked for me:

{
"removeAction": "${Calendar calendar = Calendar.getInstance(); calendar.add(Calendar.DATE, -90); if((account.validthrough.getTime() < calendar.getTimeInMillis())) {'DELETE'} else {'SUSPEND'}}",
"moveUsertoOU": "<disabled OU>",
"deleteAllGroups": "Yes",
"userAccountControl": "514"
}