and more in a single search tool across platforms. Read the announcement here. |
06/01/2023 10:03 AM
Hi Team,
I am trying to enable the AD account from disbaled OU and move to another OU. I am getting error - "SAV-Error while enabling account,Error parsing JSON"
Please validate if I am having correct json for ENABLEACCOUNTJSON
{
"DISABLEACCOUNTCHECKRULE": "[CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:
${user.lastname},cn:
${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
"{userAccountControl : 512}",
"{description : "Enabled by Saviynt"
}
Having samaccountname as "systemUserName"
Kindly suggest asap.
06/02/2023 12:54 AM
Hi @asharma
There is a syntax error in your JSON. Please try with below JSON-
{
"DISABLEACCOUNTCHECKRULE": "[CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:${user.lastname},cn:${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{"userAccountControl" : "512","description" : "Enabled by Saviynt"}
}
06/02/2023 01:17 AM
HI Prashant
I tried with provided syntax but still the error, now error is
SAV-Error while enabling account,Cannot cast object '[CN=asharma,OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP]' with class 'java.lang.String' to class 'java.util.List'
Kindly advise the fix of this error.
06/06/2023 01:16 AM
Hi @asharma
Looks like it expects the value as a String but gets it as a List. Can you please try with below JSON-
{
"DISABLEACCOUNTCHECKRULE": "CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"ATTRIBUTESTOCHECK": "{userAccountControl:514,sn:${user.lastname},cn:${user.firstname}",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{"userAccountControl" : "512","description" : "Enabled by Saviynt"}
}
06/06/2023 01:21 AM
Also, we saw an article that suggests that an OU name with spaces in the name can cause an issue. If the previous suggestion does not work, please try to choose an OU without spaces in names if possible, or try what is recommended in the article below.
And if you can try once by removing this section from the JSON-
"AFTERENABLEACTIONS": {
"userAccountControl": "512",
"description": "Enabled by Saviynt"
}
06/06/2023 02:30 AM
It works by removing below line of code.
"USEDNFROMACCOUNT": "YES",
06/06/2023 06:24 AM
@asharma Can you please share the complete JSON that worked?
06/06/2023 07:42 AM
Here is the code.
{
"DISABLEACCOUNTCHECKRULE": ["CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP"],
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "YES",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{
"userAccountControl": "512",
"description": "Enabled by Saviynt"
}
}
I just checked in AD with that user, it is moving the account from one OU to enable OU but not updating description and UAC.
Kindly help here.
06/06/2023 10:55 PM
@asharma The above JSON has "USEDNFROMACCOUNT": "YES" as well. Is it working now even if this is included? Please confirm.
Let me check on the description and UAC. Is there any error in the logs while processing the task?
06/06/2023 11:23 PM
Hi Prashant
It's working without "USEDNFROMACCOUNT": "YES".
And, there is no error for description and UAC but it doesnot get updated in AD
Regards
06/07/2023 01:42 AM
@asharma Can you please provide the debug logs for the processing of the above task that worked? It will help in debugging the issue.
Also, I suspect that it might be an issue with the description in AFTERENABLEACTIONS. Can you please try that as well? Putting the JSON to use-
{
"DISABLEACCOUNTCHECKRULE": ["CN=${user.systemUserName},OU=DisabledUsers,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP"],
"ENABLEACCOUNTOU": "OU=UserAcct,OU=Test User Accounts,DC=HLB,DC=HI,DC=CORP",
"REMOVEGROUPS": "NO",
"USEDNFROMACCOUNT": "NO",
"MOVEDN": "YES",
"AFTERENABLEACTIONS":
{
"userAccountControl": "512"
}
}