Saviynt Forums

ram81 · ‎03/27/2024

We are trying to populate the managers attribute in AD via the create account JSON below.

Also, The users have two accounts for the same AD endpoint. Do we need to specify the specific account on the endpoint to populate the manager attribute in AD during account provisioning and if so how?

{
"accountExpires": "0",
"c": "${user.customproperty16}",
"employeenumber": "${user.username}",
"company": "${user.companyname}",
"department": "${user.departmentname}",
"userPrincipalName": "FIM${user.username}@test.ad",
"employeeType": "Test Account",
"employeeID": "${user.owner}",
"givenName": "${user.firstname}",
"displayName": "${user.lastname}",
"manager": "${managerAccount?.accountID}",
"description": "Test Account for ${user.lastname}, ${user.firstname}",
"userAccountControl": "514",
"mail": "${user.email}",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"title": "${user.title}",
"physicalDeliveryOfficeName": "${user.location}",
"sAMAccountName": "TEST${task.accountName}",
"sn": "${user.lastname}",
"info": "Created by Saviynt Tool",
"pwdLastSet": "0"
}

rushikeshvartak · ‎03/27/2024

Please refer to the below post with similar issue.

Error in updating manager attribute in AD - Saviynt Forums - 31211

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ram81 · ‎03/27/2024

Thanks rushikeshvartak, We are not receiving an error. The account is created in AD but the manager attribute is not populated. The same applies for update account task that attempt to populate the manager attribute in AD.

rushikeshvartak · ‎03/27/2024

what is account id of manager

${managerAccount.accountID.replace('\', '###UNESCAPEBACKSLASH###')}

https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Provisioni...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ram81 · ‎03/27/2024

The account id attribute is populated with the DN. So the managers account id would be their DN

Account ID:

i.e. CN=Test,OU=Users,OU=Management,DC=meto,DC=net

ram81 · ‎03/27/2024

Can you explain what this sytax is doing and how to modify for my use case?
${managerAccount.accountID.replace('\', '###UNESCAPEBACKSLASH###')}

rushikeshvartak · ‎03/28/2024

:

${...}: This is Groovy's string interpolation syntax. It allows you to embed Groovy expressions or variables within a string.
managerAccount.accountID: This likely refers to an attribute or property named accountID of the managerAccount object.
.replace('\', '###UNESCAPEBACKSLASH###'): This is a method call on the accountID attribute. It seems to be replacing occurrences of the backslash character \ with the string ###UNESCAPEBACKSLASH###.

The purpose of this syntax seems to be escaping backslashes in the accountID string by replacing them with ###UNESCAPEBACKSLASH###.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ram81 · ‎03/28/2024

Thank you rushikeshvartak, I dont think I need to replace backslash charachters in this particular use case. I simply need to select the correct manager.

Raghu · ‎03/27/2024

try like below:

${managerAccount.accountID}

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

ram81 · ‎03/28/2024

Thanks but this did not work. Error below using syntax you provided.

Provisioning Comments

Error while Update operation for account in AD - Cannot get property accountID on null object

rushikeshvartak · ‎03/28/2024

what is account id of manager Provide screenshot

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ram81 · ‎03/28/2024

It is the DN of the users Active Directory account

rushikeshvartak · ‎03/28/2024

Is it possible to show value

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Raghu · ‎03/28/2024

try this :

CN=Test,OU=Users,OU=Management,DC=meto,DC=net---> Test

"manager":"${manager==null?"":manager.username}"

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

ram81 · ‎04/04/2024

Along with Saviynt support we identified that the best approach was to disassociate the duplicate accounts with the users and run an update task to populate the manager attribute. This was not a syntax issue. Saviynt could not identify with proper account on the endpoint to pull the manager accountID from due to the duplicate accounts on the endpoint.

This resolved the issue

Saviynt Forums

Manager Attribute not populating during account creation