Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Looking for assistance with Advanced Active Directory AccountNameRule configuration

igorvt77
New Contributor III
New Contributor III

I have tried multiple ways to do this but I just cannot get this to work so I am looking to see if anyone has any suggestions on variables I can use to solve this issue.

I have the following Active Directory AccountNameRule config where I can trying to place the different types of account objects into different OU's.  This configuration works fine with ARS requests but when a user update rule generates an account update task then it seems to completely ignore the first 3 checks.

${ if (ServiceAccountOwnerMap.ServiceAccountType.equals('ServiceAccount')) { 'CN='+(arstasksObj?.accountName)+',OU=Service Accounts,DC=EXAMPLE,DC=COM' } else if (accountsObj.accounttype.equals('AdminAccount')) { 'CN='+(user?.firstname+' '+user?.lastname+' (Admin)')+',OU=Admins,DC=EXAMPLE,DC=COM' } else if (accountsObj.accounttype.equals('HelpDeskAccount')) { 'CN='+(user?.firstname+' '+user?.lastname+' (Resolver)')+',OU=Admins,DC=EXAMPLE,DC=COM' } else if (user?.employeeType.equals('Employee') && user?.customproperty26.equals('USCitz')) { 'CN='+user?.username+',OU=USCitz,OU=Employees,OU=CORPUSERS,DC=EXAMPLE,DC=COM' } else if (user?.employeeType.equals('Employee') && user?.customproperty26.equals('Non-USCitz')) { 'CN='+user?.username+',OU=Non-USCitz,OU=Employees,OU=CORPUSERS,DC=EXAMPLE,DC=COM' } else if (user?.employeeType.equals('NonEmployee') && user?.customproperty61.equals('PhysicalAccessOnly')) { 'CN='+user?.username+',OU=PhysicalOnlyContractors,OU=CORPUSERS,DC=EXAMPLE,DC=COM' } else if (user?.employeeType.equals('NonEmployee')) { 'CN='+user?.username+',OU=Contractors,OU=CORPUSERS,DC=EXAMPLE,DC=COM' } else { 'CN='+user?.username+',OU=MISC,OU=Employees,OU=CORPUSERS,DC=EXAMPLE,DC=COM' } }

I have also tried to use (arstasksObj?.accountName.startsWith('a_')) instead of the (accountsObj.accounttype.equals('AdminAccount')) and also the ".get" method but nothing seems to work.  The code does not seem to produce any kind of errors so I know its not a syntax problem.

Any ideas ?

3 REPLIES 3

rushikeshvartak
All-Star
All-Star

Did you tried accounts.


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

I have not tried accounts attribute but based on the fact that the service account line which is straight out of the documentation example #2 (https://docs.saviyntcloud.com/bundle/AD-v2021x/page/Content/Configuring-the-Integration-for-Provisio...) doesn't work then I'm not very confident.

Document may have typo so try with accounts object


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.