Saviynt Forums

tcorcoran · ‎09/06/2022

Is there a way to reference the specific active directory OU to look at in the updateaccountjson.

We are trying to move new hires from the New Hire OU into the Employee OU before their start date.

avinashchhetri · ‎09/06/2022

You could generate an update event for the user and then use it to create an AD update account task and use the "moveUsertoOU" parameter to move the user from one OU to another.

Perhaps something like :

"moveUsertoOU" : "${if(user?.employeeType.equals('Employee') &&(user?.<generate event attribute>.equals('XYZ')))
{'OU=Employee,OU=MyCompany,DC=com'}
else if (user?.employeeType.equals('Contractor') && (user?.<generate event attribute>.equals('XYZ')) )
{'OU=Contractor,OU=MyCompany,DC=com'}
else{'OU=IDM OnBoarding,OU=MyCompany,DC=com'}}",

Regards,
Avinash Chhetri

alanbixby · ‎09/09/2022

Update: our original question seems to be an XY problem; here was our solution:

For our use case, the UPDATEACCOUNTJSON was getting triggered by a task created via an analytic, so instead of repeating the analytic query logic in the UPDATEACCOUNTJSON configuration, we only check for tasks generated by the analytic using:

${
  if (task?.source?.equals('ANALYTICS_V2') && task?.sourceId == 1234) {
    ',"moveUsertoOU": "OU=Employees,DC=company,DC=com"'
  } else {
    ''
  }
}

where the task.sourceId maps to the ANALYTICSKEY of the ANALYTICSCONFIGES table in the Data Analyzer.

Saviynt Forums

Reference AD OU with updateaccountjson