Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAV-Error while enabling account,Error parsing JSON

asharma
Regular Contributor II
Regular Contributor II

‎06/01/2023 10:03 AM

Hi Team,

I am trying to enable the AD  account from disbaled OU and move to another OU. I am getting error - "SAV-Error while enabling account,Error parsing JSON"

Please validate if I am having correct json for ENABLEACCOUNTJSON

{
"DISABLEACCOUNTCHECKRULE": "[CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:
${user.lastname},cn:
${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
"{userAccountControl : 512}",
"{description : "Enabled by Saviynt"
}

 

Having samaccountname as "systemUserName"

 

Kindly suggest asap.

Labels:
0 Kudos
10 REPLIES 10

prashantChauhan
Saviynt Employee
Saviynt Employee

‎06/02/2023 12:54 AM

Hi @asharma 

There is a syntax error in your JSON. Please try with below JSON-

{
"DISABLEACCOUNTCHECKRULE": "[CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:${user.lastname},cn:${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{"userAccountControl" : "512","description" : "Enabled by Saviynt"}
}

 

0 Kudos

asharma
Regular Contributor II
Regular Contributor II
In response to prashantChauhan

‎06/02/2023 01:17 AM

HI Prashant

I tried with provided syntax but still the error, now error is 

SAV-Error while enabling account,Cannot cast object '[CN=asharma,OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]' with class 'java.lang.String' to class 'java.util.List'

Kindly advise the fix of this error.

0 Kudos

prashantChauhan
Saviynt Employee
Saviynt Employee

‎06/06/2023 01:16 AM

Hi @asharma 

Looks like it expects the value as a String but gets it as a List. Can you please try with below JSON-

{
"DISABLEACCOUNTCHECKRULE": "CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:${user.lastname},cn:${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{"userAccountControl" : "512","description" : "Enabled by Saviynt"}
}

 

0 Kudos

prashantChauhan
Saviynt Employee
Saviynt Employee

‎06/06/2023 01:21 AM

Also, we saw an article that suggests that an OU name with spaces in the name can cause an issue. If the previous suggestion does not work, please try to choose an OU without spaces in names if possible, or try what is recommended in the article below.

https://social.technet.microsoft.com/Forums/lync/en-US/7c5dcc44-4a7f-47d2-a579-ddcf800e30bf/ldap-que...

And if you can try once by removing this section from the JSON-

"AFTERENABLEACTIONS": {
"userAccountControl": "512",
"description": "Enabled by Saviynt"
}

 

0 Kudos

asharma
Regular Contributor II
Regular Contributor II
In response to prashantChauhan

‎06/06/2023 02:30 AM

It works by removing below line of code.

"USEDNFROMACCOUNT": "YES",

 

0 Kudos

prashantChauhan
Saviynt Employee
Saviynt Employee

‎06/06/2023 06:24 AM

@asharma Can you please share the complete JSON that worked?

0 Kudos

asharma
Regular Contributor II
Regular Contributor II

‎06/06/2023 07:42 AM

Here is the code.

{
"DISABLEACCOUNTCHECKRULE": ["CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP"],
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{
"userAccountControl": "512",
"description": "Enabled by Saviynt"
}
}

 

I just checked in AD with that user, it is moving the account from one OU to enable OU but not updating description and UAC.

Kindly help here.

0 Kudos

prashantChauhan
Saviynt Employee
Saviynt Employee

‎06/06/2023 10:55 PM

@asharma The above JSON has "USEDNFROMACCOUNT": "YES" as well. Is it working now even if this is included? Please confirm.

Let me check on the description and UAC. Is there any error in the logs while processing the task?

0 Kudos

asharma
Regular Contributor II
Regular Contributor II
In response to prashantChauhan

‎06/06/2023 11:23 PM

Hi Prashant

It's working without "USEDNFROMACCOUNT": "YES".

And, there is no error for description and UAC but it doesnot get updated in AD

Regards

0 Kudos

prashantChauhan
Saviynt Employee
Saviynt Employee

‎06/07/2023 01:42 AM

@asharma Can you please provide the debug logs for the processing of the above task that worked? It will help in debugging the issue.

Also, I suspect that it might be an issue with the description in AFTERENABLEACTIONS. Can you please try that as well? Putting the JSON to use-

{
"DISABLEACCOUNTCHECKRULE": ["CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP"],
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "NO",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{
"userAccountControl": "512"
}
}

 

0 Kudos
Copyright © 2024 Khoros, LLC