Saviynt Forums

sarasaeed · ‎03/31/2023

There is a discrepancy between the end dates listed in Saviynt in the User page under identity repository, the user update form and in Active Directory. This is due to the fact that Saviynt is in UTC time and our AD is in EST time. The update user form also seems to be in EST. Please see below:

User Page under Identity Repository:

User Update Form:

When we put in an end date in Saviynt, the end date in AD should be updated to the same day in the End of Field under the accounts Tab in AD and in the account expires field in the attribute editor tab, it should have the next day with the time stamp of 12 AM EST.

Does anyone know how we can update this account update json to have this happen.

"accountExpires":"${if(user.enddate != null) {(10000*(user.enddate.getTime() + 11644473600000 + 86400000))} else {'0'}}",

sudeshjaiswal · ‎04/03/2023

Hi @sarasaeed,

Here's a query you can try to accomplish this:

"accountExpires":"${if(user.enddate != null) {(10000*(new java.text.SimpleDateFormat('yyyy-MM-dd').parse(user.enddate).getTime() + 11644473600000))} else {'0'}}"

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

sarasaeed · ‎04/06/2023

@sudeshjaiswal This does not work. When I use this and do an account creation: it does not set any end date.

This is the closes that I can get the times to work:

Create Account JSON
accountExpires":"${if(user.enddate != null) {(10000*(user.enddate.getTime() + 11644473600000 + 86400000 + 18000000))} else {'0'}}"

Update Account JSON
"accountExpires":"${if(user.enddate != null) {(10000*(user.enddate.getTime() + 11644473600000 + 86400000 + 14400000))} else {'0'}}",

This gives me the end date under the account tab to be the same day but the attribute editor tab has the account expires as next day at 1 am EST. I need the time to be 12 am EST.

DixshantValecha · ‎04/04/2023

Here's an update json code that you can try :-

"accountExpires":"${if(user.enddate != null) {(user.enddate.toInstant().toEpochMilli() + 11644473600000 + 86400000)*10000} else {'0'}}"

sarasaeed · ‎04/06/2023

This did not work for me.

April 28, 2023 was selected in the update user form in Saviynt. Below is what I see in AD.

sudeshjaiswal · ‎04/10/2023

Hello @sarasaeed,

Can you please try and check
${(new Date()).format('MM/dd/yy hh:mm a',TimeZone.getTimeZone("EST5EDT"))} EST

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

sarasaeed · ‎04/26/2023

@sudeshjaiswal It does not work. It did not even create the accounts or update them anymore. I get the following error message, “[LDAP: error code 21 - 00000057: LdapErr: DSID-0C090D7B, comment: Error in attribute conversion operation, data 0, v2580]”

SB · ‎04/27/2023

I want to reiterrate the problem statement here to ensure we are on the same page. The user is seeing the date in EST on the Update User form where as the date visible on the User details page is in UTC. The date getting provisioned in AD is also getting sent in UTC time.

Our requirement is to ensure the date user is selecting on Update user form page (in EST) should also be sent to AD in EST. I am assuming you have mapped the Termination Date attribute to End Date of the user table.

In order to achieve this, we can use the below format

"${user.enddate.format('MM-dd-yyyy hh:mm a',TimeZone.getTimeZone('EST5EDT'))}"

Please note: The date visible on the update user form will be visible based on the browser time zone and is not in UTC.

Regards,
Sahil

Saviynt Forums

Saviynt and AD End date Discrepancy