SAV-Error while enabling account,Error parsing JSON

asharma
Regular Contributor II
Regular Contributor II

Hi Team,

I am trying to enable the AD  account from disbaled OU and move to another OU. I am getting error - "SAV-Error while enabling account,Error parsing JSON"

Please validate if I am having correct json for ENABLEACCOUNTJSON

{
"DISABLEACCOUNTCHECKRULE": "[CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:
${user.lastname},cn:
${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
"{userAccountControl : 512}",
"{description : "Enabled by Saviynt"
}

 

Having samaccountname as "systemUserName"

 

Kindly suggest asap.

10 REPLIES 10

prashantChauhan
Saviynt Employee
Saviynt Employee

Hi @asharma 

There is a syntax error in your JSON. Please try with below JSON-

{
"DISABLEACCOUNTCHECKRULE": "[CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:${user.lastname},cn:${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{"userAccountControl" : "512","description" : "Enabled by Saviynt"}
}

 

asharma
Regular Contributor II
Regular Contributor II

HI Prashant

I tried with provided syntax but still the error, now error is 

SAV-Error while enabling account,Cannot cast object '[CN=asharma,OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]' with class 'java.lang.String' to class 'java.util.List'

Kindly advise the fix of this error.

prashantChauhan
Saviynt Employee
Saviynt Employee

Hi @asharma 

Looks like it expects the value as a String but gets it as a List. Can you please try with below JSON-

{
"DISABLEACCOUNTCHECKRULE": "CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:${user.lastname},cn:${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{"userAccountControl" : "512","description" : "Enabled by Saviynt"}
}

 

prashantChauhan
Saviynt Employee
Saviynt Employee

Also, we saw an article that suggests that an OU name with spaces in the name can cause an issue. If the previous suggestion does not work, please try to choose an OU without spaces in names if possible, or try what is recommended in the article below.

https://social.technet.microsoft.com/Forums/lync/en-US/7c5dcc44-4a7f-47d2-a579-ddcf800e30bf/ldap-que...

And if you can try once by removing this section from the JSON-

"AFTERENABLEACTIONS": {
"userAccountControl": "512",
"description": "Enabled by Saviynt"
}

 

asharma
Regular Contributor II
Regular Contributor II

It works by removing below line of code.

"USEDNFROMACCOUNT": "YES",

 

prashantChauhan
Saviynt Employee
Saviynt Employee

@asharma Can you please share the complete JSON that worked?

asharma
Regular Contributor II
Regular Contributor II

Here is the code.

{
"DISABLEACCOUNTCHECKRULE": ["CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP"],
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{
"userAccountControl": "512",
"description": "Enabled by Saviynt"
}
}

 

I just checked in AD with that user, it is moving the account from one OU to enable OU but not updating description and UAC.

Kindly help here.

prashantChauhan
Saviynt Employee
Saviynt Employee

@asharma The above JSON has "USEDNFROMACCOUNT": "YES" as well. Is it working now even if this is included? Please confirm.

Let me check on the description and UAC. Is there any error in the logs while processing the task?

asharma
Regular Contributor II
Regular Contributor II

Hi Prashant

It's working without "USEDNFROMACCOUNT": "YES".

And, there is no error for description and UAC but it doesnot get updated in AD

Regards

prashantChauhan
Saviynt Employee
Saviynt Employee

@asharma Can you please provide the debug logs for the processing of the above task that worked? It will help in debugging the issue.

Also, I suspect that it might be an issue with the description in AFTERENABLEACTIONS. Can you please try that as well? Putting the JSON to use-

{
"DISABLEACCOUNTCHECKRULE": ["CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP"],
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "NO",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{
"userAccountControl": "512"
}
}