random password not working on AD account creation

Ankyt19
Regular Contributor

Hi Team,

 

I have configured the SETRANDOMPASSWORD=TRUE parameter in the AD connection. It is also sending the random password as per the password policy added in the connection. The account is created in AD correctly, but when logging in using another LDAP browser with the password set on account creation, login is not working.

Any idea why this is? It was working before but is failing now. No changes were made; it is completely the same setup.


@rushikeshvartak @avinashchhetri 

sk
All-Star

What is your createAccountJSON?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

rushikeshvartak
All-Star

Did you set reset password on first-time login?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

avinashchhetri
Saviynt Employee

@Ankyt19 ,

If you have configured the new accounts to change password on first login, then logging in for the first time from the LDAP browser does not work.

Try logging through a remote session or some other means to validate.

Regards,
Avinash Chhetri
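
An added example, not part of the original thread and not Saviynt code: when a bind from an LDAP browser fails, the sub-code in Active Directory's error 49 diagnostic text shows whether the password was rejected or the account is merely flagged to change its password first. The sample strings (including their DSID values) and the function names are constructed for illustration.

```python
import re

# Well-known AD sub-codes found in the "data" field of an LDAP error 49 message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}
_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failure(diagnostic_message):
    """Return (sub_code, meaning) parsed from an AD bind diagnostic string."""
    match = _DATA_RE.search(diagnostic_message)
    if match is None:
        return None, "no AD sub-code present"
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unrecognised sub-code")


def must_change_at_first_logon(pwd_last_set):
    """pwdLastSet "0" forces a change at next logon; "-1" stamps the current time."""
    return str(pwd_last_set).strip() == "0"


def triage(diagnostic_message, pwd_last_set):
    """Say whether a failed LDAP-browser bind actually implicates the password."""
    code, meaning = classify_bind_failure(diagnostic_message)
    if code == "773" or (code is None and must_change_at_first_logon(pwd_last_set)):
        return "password not tested: account must change password first"
    if code == "52e":
        return "password rejected: compare the value sent with the value stored"
    return "bind blocked for another reason: " + meaning


# Constructed sample diagnostics in the format AD returns (DSIDs are made up).
SAMPLE_MUST_CHANGE = ("80090308: LdapErr: DSID-0C090000, comment: "
                      "AcceptSecurityContext error, data 773, v0000")
SAMPLE_BAD_PASSWORD = ("80090308: LdapErr: DSID-0C090000, comment: "
                       "AcceptSecurityContext error, data 52e, v0000")

if __name__ == "__main__":
    print(triage(SAMPLE_MUST_CHANGE, "0"))
    print(triage(SAMPLE_BAD_PASSWORD, "-1"))
```
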

Ankyt19
Regular Contributor

It is unchecked. Still not working.

Share JSON


Regards,
Rushikesh Vartak

Ankyt19
Regular Contributor

Hi @rushikeshvartak,

You mean the create account JSON?

Yes


Regards,
Rushikesh Vartak

Harish_Yara
New Contributor III

@rushikeshvartak Please find the CREATE ACCOUNT JSON below:
{
"co":"${if(null!=user.customproperty24){user.customproperty24}else{''}}",
"employeeNumber":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"employeeID":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"department":"${if(null!=user.customproperty33){user.customproperty33}else{''}}",
"employeeType":"${if(null!=user.employeeType){user.employeeType}else{''}}",
"givenName":"${if(null!=user.customproperty41){user.customproperty41}else{''}}",
"ExtensionAttribute7":"${user.username}",
"sAMAccountName":"${if(user.employeeType.equals('Internal Employee')&& null!=user.employeeid){user.employeeid}else{'A_'+user.systemUserName}}",
"sn":"${if(null!=user.customproperty42){user.customproperty42}else{''}}",
"title":"${if(null!=user.jobcodedesc){user.jobcodedesc}else{''}}",
"userPrincipalName":"${user.customproperty44+'@ABC.com'}",
"physicalDeliveryOfficeName":"${if(user.employeeType.equals('Managed Contractor')){user.city} else{''}}",
"company":"${if(null!=user.customproperty54){user.customproperty54}else{''}}",
"manager":"${managerAccount==null?'':managerAccount.accountID}",
"streetAddress":"${if(null!=user.street){user.street}else{''}}",
"comment":"${if(null!=user.comments){user.comments}else{''}}",
"objectClass": ["top","person","organizationalPerson","user"],
"accountExpires": "${if(user.employeeType.equals('Managed Contractor')) {Long.toString(10000*(user.enddate.getTime() + 11644473600000+122400000))} else{'0'}}",
"description":"User Created via Saviynt",
"pwdLastSet":"-1"
}

I see you are resetting password once it's set: pwdLastSet


Regards,
Rushikesh Vartak

Try the JSON below:

{
"co":"${if(null!=user.customproperty24){user.customproperty24}else{''}}",
"employeeNumber":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"employeeID":"${if(null!=user.username && user.employeeType.equals('Internal Employee')){user.username}else{''}}",
"department":"${if(null!=user.customproperty33){user.customproperty33}else{''}}",
"employeeType":"${if(null!=user.employeeType){user.employeeType}else{''}}",
"givenName":"${if(null!=user.customproperty41){user.customproperty41}else{''}}",
"ExtensionAttribute7":"${user.username}",
"sAMAccountName":"${if(user.employeeType.equals('Internal Employee')&& null!=user.employeeid){user.employeeid}else{'A_'+user.systemUserName}}",
"sn":"${if(null!=user.customproperty42){user.customproperty42}else{''}}",
"title":"${if(null!=user.jobcodedesc){user.jobcodedesc}else{''}}",
"userPrincipalName":"${user.customproperty44+'@ABC.com'}",
"physicalDeliveryOfficeName":"${if(user.employeeType.equals('Managed Contractor')){user.city} else{''}}",
"company":"${if(null!=user.customproperty54){user.customproperty54}else{''}}",
"manager":"${managerAccount==null?'':managerAccount.accountID}",
"streetAddress":"${if(null!=user.street){user.street}else{''}}",
"comment":"${if(null!=user.comments){user.comments}else{''}}",
"objectClass": ["top","person","organizationalPerson","user"],
"accountExpires": "${if(user.employeeType.equals('Managed Contractor')) {Long.toString(10000*(user.enddate.getTime() + 11644473600000+122400000))} else{'0'}}",
"description":"User Created via Saviynt",
"pwdLastSet":"0",

"userPassword": " ${randomPassword}"
}


Regards,
Saathvik

Mk
New Contributor II

Hi @rushikeshvartak ,

1. Can I understand how you got to that conclusion? Is it because we're sending pwdlastset = -1?

FYI, we've also tried pwdlastset = 0 and also removing this attribute entirely. But we're still facing the same issue.

2. Let me explain the issue completely.

We're creating the AD account --> Exchange account --> and other applications and license assignments. We're trying to send the password after all the user onboarding is completed, via email at the endpoint level with task.password, using the change password action type. We're able to receive the new password but are not able to log in to 'office.com'.

In order to validate, we tried logging in to 'office.com' using the initial password (i.e., the password generated at the time of AD account creation), and we're able to log in to 'office.com'. But we're not able to log in with the new password after doing the change password action.

It clearly says change password is not working. Do you see any logs?

How do you trigger change password?


Regards,
Rushikesh Vartak

Mk
New Contributor II

We're triggering change password via User update rule.

And for logs, we don't see any error.

Please share logs


Regards,
Rushikesh Vartak