
Move AD account from one OU to another when updating DepartmentName

Robbe_Cronos
Regular Contributor II

We have a use case which states: "Move an AD account from one OU to another and add necessary access when DepartmentName updates". 

We executed this using user update rules and technical rules. We also modified the UpdateAccountJSON and the AccountNameRule in the AD connection with:

UpdateAccountJSON

"moveUsertoOU": "OU=${user.DepartmentName},OU=SaviyntUsers,DC=Saviynt,DC=local"

AccountNameRule

CN=${task.accountName},OU=${user.departmentname},OU=SaviyntUsers,DC=Saviynt,DC=local

The access is granted for the new OU and removed from the old one, but the account doesn't change OUs.

Is there a way to fix this?

Documentation used: Active Directory (AD) Connector Guide 

Thanks in advance,

Robbe


rushikeshvartak
All-Star

Can you try the below?

 

"moveUserToOU": "${if(user?.customproperty12.equals('Maternity Leave') || user?.customproperty12.equals('Long Leave'))'OU=SaviynTest,DC=Test,DC=com' else 'OU=Disabled Users,OU=Bocuk,OU=Saviynt Test,DC=Test,DC=com'}",


"moveUsertoOU": "${OU=user.DepartmentName,OU=SaviyntUsers,DC=Saviynt,DC=local}"


Regards,
Rushikesh Vartak

This unfortunately did not work. Thank you for the suggestion.

amit_krishnajit
Saviynt Employee

Could you please try it the following way?

"moveUsertoOU": "OU=${user.departmentname},OU=SaviyntUsers,DC=Saviynt,DC=local"

Also, can you please share the logs for the WSRetry job for this task? 

 

Thanks,
Amit

This solution did not change anything noticeable. We had already tried to write the names non-capitalized and capitalized.

In attached files you can find the logs for the WSRETRYJOB we just executed. We did not find anything useful in them ourselves.

Hope this helps to solve the issue!

 

Hello Robbe,

The logs that you have shared do not have enough information to help figure this out.

Could you try the logic below in your UPDATEACCOUNTJSON and then try to process the update account task?

"moveUsertoOU" : "${if((user?.departmentname != null && user?.departmentname != '')){'OU='+user.departmentname+',DC=myCompany,DC=org'}else{'OU=DefaultOU,DC=myCompany,DC=org'}}"

 

Please also share the logs from the provisioning run if this does not work.

 

 

Regards,

Avinash Chhetri


Hello Avinaschchhetri,

We tried the logic you used and after a few small changes it works! Thank you very much for the reply and the help.

Kind regards,

Robbe
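
Added example, not part of the thread and not Saviynt connector code: a standalone Python check that mirrors the null-checked `moveUsertoOU` branch from the accepted reply and reports whether an account's current DN already sits in the expected OU. It goes beyond the thread by escaping the department name per RFC 4514 (the thread does not say whether the connector does this); the fallback OU path and the sample DNs are assumptions constructed for the example.

```python
# Standalone helper for checking expected OU placement (added example).
BASE_DN = "OU=SaviyntUsers,DC=Saviynt,DC=local"  # base DN from the question
DEFAULT_OU = "OU=DefaultOU," + BASE_DN           # assumed fallback OU

def escape_rdn_value(value):
    """Escape an attribute value for safe use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def target_ou(department):
    """Department OU when the attribute is set, otherwise the fallback OU.
    Whitespace-only values are treated as empty (stricter than != '')."""
    dept = (department or "").strip()
    if dept:
        return "OU=" + escape_rdn_value(dept) + "," + BASE_DN
    return DEFAULT_OU

def parent_dn(dn):
    """Return the DN after the first unescaped comma (the container)."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        if dn[i] == ",":
            return dn[i + 1:]
        i += 1
    return ""

def needs_move(current_dn, department):
    """True when the account's container differs from the target OU.
    Compared case-insensitively; spacing around commas is not normalized."""
    return parent_dn(current_dn).lower() != target_ou(department).lower()

if __name__ == "__main__":
    # Constructed sample accounts: (current DN, DepartmentName)
    samples = [
        ("CN=jdoe,OU=Finance,OU=SaviyntUsers,DC=Saviynt,DC=local", "HR"),
        ("CN=asmith,OU=HR,OU=SaviyntUsers,DC=Saviynt,DC=local", "HR"),
        ("CN=bwayne,OU=HR,OU=SaviyntUsers,DC=Saviynt,DC=local", None),
    ]
    for dn, dept in samples:
        print(dn, "->", target_ou(dept), "move" if needs_move(dn, dept) else "ok")
```

Running it against an export of account DNs after the update task completes shows which accounts were left behind in their old OU.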