
Primary AD Accounts bulk update

glegault
New Contributor III

Hi,

We would like to be able to bulk update (for current and future accounts) our primary AD accounts' account type to Primary in order to configure our AD Endpoint Primary Account Type to Primary. This is to make sure Birthright rules apply only to primary accounts.

In our environment, the systemusername property on identities is equal to the AD account name of the primary account for all our users.

Would it be possible to share the high-level steps required to automatically update the account type to Primary for all accounts where the user systemusername associated to the account is equal to the account name?

Thank you for the help,

4 REPLIES

PremMahadikar
Valued Contributor

Hi @glegault ,

The below solution works if you are using the S4S DB connector. (Refer - Solved: Re: How can we bulk update "Account Type" attribut... - Saviynt Forums - 18694)

  • First, do the AD accounts import.
  • Write Sav to Sav to change the account type based on your logic/requirement. Below is a sample of the Sav to Sav ACCOUNTSIMPORT JSON. You can use this as a base and modify it as per your requirement.

 

<![CDATA[Select a.name as name, s.SYSTEMNAME as securitysystem,e.ENDPOINTNAME as endpoint,
(CASE
WHEN a.endpointkey=30 THEN 'Primary Account'
WHEN a.endpointkey=70 THEN 'Disabled Account'
WHEN a.endpointkey IN(200,210) THEN 'Service Account'
WHEN a.endpointkey IN(80,90,100,110,120) THEN 'Privileged Account'
END) as accounttypename
from Accounts a
inner join user_accounts ua on ua.accountkey=a.accountkey
inner join users u on ua.userkey=u.userkey
inner join endpoints e on e.endpointkey=a.endpointkey
inner join securitysystems s on s.systemkey=e.SECURITYSYSTEMKEY
where a.endpointkey IN(30,70) and u.systemusername=a.name]]>
</sql-query>


<mapper description="This is the mapping field for SAviynt Field name" deleteaccountentitlement="true" ifusernotexists="noaction">
<mapfield saviyntproperty="accounts.name" sourceproperty="name" type="character"></mapfield>
<mapfield saviyntproperty="accounts.accounttype" sourceproperty="accounttypename" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"></mapfield>
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"></mapfield>
</mapper>
  • When you schedule jobs, first run the account import job and after that run your Sav to Sav DB import job. You can also use a trigger chain here.

 

If this helps, please select Accept As Solution and hit Kudos
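A pre-check for the match rule discussed above (owner's systemusername equals the account name), added here as an example and not code from the post or from Saviynt. It runs the same join against a constructed in-memory SQLite copy of the three tables and reports which accounts would become Primary, which users would end up with none, and near misses worth reviewing first; the reduced schema, sample rows and function names are assumptions.

```python
import sqlite3

# Constructed sample rows. Tables and columns follow the query in the post, cut
# down to what the match needs; endpointkey 30 stands in for the AD endpoint.
SCHEMA = """
CREATE TABLE users(userkey INTEGER PRIMARY KEY, systemusername TEXT);
CREATE TABLE accounts(accountkey INTEGER PRIMARY KEY, name TEXT, endpointkey INTEGER);
CREATE TABLE user_accounts(userkey INTEGER, accountkey INTEGER);
INSERT INTO users VALUES (1,'jdoe'),(2,'asmith'),(3,'bwong');
INSERT INTO accounts VALUES (10,'jdoe',30),(11,'adm-jdoe',30),(12,'ASmith',30),
                            (13,'svc-backup',30),(14,'bwong',30);
INSERT INTO user_accounts VALUES (1,10),(1,11),(2,12),(3,13),(2,14);
"""
# Account joined to its correlated owner, as in the post's inner joins.
OWNED = ("FROM accounts a JOIN user_accounts ua ON ua.accountkey=a.accountkey "
         "JOIN users o ON o.userkey=ua.userkey ")

def load():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def would_be_primary(db, ep=30):
    """Accounts the post's WHERE clause selects: owner systemusername = account name."""
    q = "SELECT a.name " + OWNED + "WHERE a.endpointkey=? AND o.systemusername=a.name ORDER BY 1"
    return [r[0] for r in db.execute(q, (ep,))]

def users_without_primary(db, ep=30):
    """Owners on the endpoint with no account that would become Primary."""
    q = ("SELECT o.systemusername " + OWNED + "WHERE a.endpointkey=? GROUP BY o.userkey "
         "HAVING SUM(o.systemusername=a.name)=0 ORDER BY 1")
    return [r[0] for r in db.execute(q, (ep,))]

def near_misses(db, ep=30):
    """(account, owner, namesake): name equals a systemusername ignoring case
    but fails the exact owner match (case drift or wrong correlation)."""
    q = ("SELECT a.name, o.systemusername, u.systemusername " + OWNED +
         "JOIN users u ON lower(u.systemusername)=lower(a.name) "
         "WHERE a.endpointkey=? AND o.systemusername<>a.name ORDER BY 1")
    return [tuple(r) for r in db.execute(q, (ep,))]

if __name__ == "__main__":
    db = load()
    print("would be tagged Primary:", would_be_primary(db))
    print("users left without a Primary:", users_without_primary(db))
    # SQLite compares text case-sensitively; your database's collation may not.
    print("near misses to review:", near_misses(db))
```
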

Hi PremMahadikar,

Thank you for the information. We will look into this at some point in the future but not for the next few weeks. I am keeping your JSON sample as I think it could be used for our needs after some changes to fit our environment needs. Thank you.

rushikeshvartak
All-Star

You can update the account type using the account import sheet one time.

https://forums.saviynt.com/t5/identity-governance/how-can-we-bulk-update-quot-account-type-quot-attr... 

https://forums.saviynt.com/t5/identity-governance/adding-service-account-owner-using-csv-file/m-p/94... 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi rushikeshvartak,

Thank you for the information. I will look at the provided articles but I think the JSON sample provided by PremMahadikar should allow us to accomplish what we are trying to do even if I cannot test this and confirm at this point.