Saviynt Forums

vermilyacd1 · ‎10/10/2022

Is it possible to map user attributes from AD without setting the username in the mapping? I only want to pull in email and phone number, with the reconciliation field set to the systemUserName, but the errors in the log indicate username MUST be mapped. Is this true? If so, why? In my scenario, username will never map to an AD attribute.

USER_IMPORT JSON:

[
EMAIL::mail#String,
SECONDARYPHONE::telephoneNumber#String,
RECONCILATION_FIELD::SYSTEMUSERNAME,
SYSTEMUSERNAME::sAMAccountName#String
]

User Import Task has the reconciliation field set to systemUserName:

Log Error:

{"log":"2022-10-11 02:00:59,273 [quartzScheduler_Worker-1] ERROR services.AdImportService - AD attribute: null mapped to username is null. User data: [mail:<redacted>, nameinnamespace:CN=<redacted>, sAMAccountName:<redacted>]\n","stream":"stdout","time":"2022-10-11T02:00:59.273969651Z"}

avinashchhetri · ‎10/11/2022

Hello @vermilyacd1,

The UserName field is a mandatory attribute during AD User Import. I do not know the answer to your question as to why but Ive done some tests in the past couple of weeks and have reached the same conclusion.

Regards,
Avinash Chhetri

vermilyacd1 · ‎10/11/2022

That's frustrating if that's the case. It's fairly common to have a username from HR that does not map to AD. The username is not the employeeID.

Saviynt Forums

Map USER_IMPORT for AD Without Username