Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
The Saviynt Out-of-the-box connector only supports 5 values of userAccountControl but the AD implementations have many more values to define the status - for example - 1049088
Can someone please share the list of all possible active and inactive userAccountControl values to manually configure AD connection accounts status
Are you talking about provisioning use cases? Ideally, when you wish to provision a specific type of UAC, did you try by defining userAccountControl in the CreateAccountJSON itself.
Hello, No, not the provisioning, just reconciliation. The AD accounts are marked as Inactive instead of Active while importing AD accounts, resulting in accounts missing out from the recertification campaigns
Thanks for the clarification. There is no limitation from Saviynt end regarding this. You can populate as many values as need in the STATUS_THRESHOLD_CONFIG 'activeStatus' and 'inactiveStatus' block and it will perform the status change accordingly.
The discovery of what UAC can be received during imports is something that the customer will have to help you with.
@rushikeshvartak The Microsoft link doesn't have all the possible values - typical Microsoft technology 🙂 but thanks anyway
@sahajranajee Yeah I understand we can configure it every time there is a new value but that is manual effort and it's time consuming. Also, the values such as 1049088 are not customer specific. So ideally there should be a complete list somewhere but thanks anyway.
