Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Service Account Name change

Go to solution
krishna_sk
New Contributor III
New Contributor III

‎06/26/2023 11:39 PM

Hi all,

We are working on Service Account use case provisioning/Deprovision/Modify through ARS> Manage Service Account.

 

We had a use case to modify the Service Account Name, We don't see an option to Change the Account Name through Modify Service Account option.

We even tried to change the account name at the AD end and tried importing the accounts and the following happened.
 

  1. A New Account is created with the Same OBJECTGUID and with the new Account Name, CN & SamAccountName. But the Account type & Owner details are getting removed.
  2. The existing account status is changed to ‘Suspended from import service’ with the same OBJECTGUID. Account type & Owner details are kept as it is.

Could you please let us know is this a expected Saviynt behavior and any feasibility to modify the account name for Service Account.

Appreciate your help!

Thank You.

Labels:
0 Kudos
7 REPLIES 7

Go to solution
vivekmohanty_pm
Saviynt Employee
Saviynt Employee

‎06/27/2023 12:01 AM

@krishna_sk Can you share your ACCOUNT_ATTRIBUTE connection parameter?

What is your RECONCILATION_FIELD set to?

0 Kudos

Go to solution
krishna_sk
New Contributor III
New Contributor III

‎06/27/2023 11:35 PM

Hi Vivek,

 

Below is the Account_Attribute we are using and OBJECTGUID is the Reconciliation field we are using.

 

[ACCOUNTID::distinguishedName#String,
name::sAMAccountName#String,
CUSTOMPROPERTY30::userAccountControl#String,
UPDATEDATE::whenChanged#date,
LASTLOGONDATE::lastLogon#millisec,
CREATED_ON::whenCreated#date,
CUSTOMPROPERTY1::objectGUID#Binary,
CUSTOMPROPERTY2::distinguishedName#String,
CUSTOMPROPERTY3::employeeID#String,
CUSTOMPROPERTY4::cn#String,
CUSTOMPROPERTY5::givenName#String,
CUSTOMPROPERTY6::sn#String,
CUSTOMPROPERTY7::displayName#String,
CUSTOMPROPERTY8::department#String,
CUSTOMPROPERTY9::title#String,
CUSTOMPROPERTY10::mail#String,
CUSTOMPROPERTY11::mobile#String,
CUSTOMPROPERTY12::telephoneNumber#String,
CUSTOMPROPERTY13::streetAddress#String,
CUSTOMPROPERTY14::st#String,
CUSTOMPROPERTY15::postalCode#String,
CUSTOMPROPERTY16::co#String,
CUSTOMPROPERTY17::c#String,
CUSTOMPROPERTY18::l#String,
CUSTOMPROPERTY19::physicalDeliveryOfficeName#String,
CUSTOMPROPERTY20::userPrincipalName#String,
CUSTOMPROPERTY21::manager#String,
CUSTOMPROPERTY22::company#String,
CUSTOMPROPERTY23::employeeNumber#String,
CUSTOMPROPERTY24::managerUPN#String,
CUSTOMPROPERTY25::employeeType#String,
CUSTOMPROPERTY32::msDS-cloudExtensionAttribute11#String,
CUSTOMPROPERTY33::msDS-cloudExtensionAttribute12#String,
CUSTOMPROPERTY35::info#String,
CUSTOMPROPERTY36::msDS-cloudExtensionAttribute10#String
RECONCILATION_FIELD::CUSTOMPROPERTY1]

 

Thank you.

0 Kudos

Go to solution
vivekmohanty_pm
Saviynt Employee
Saviynt Employee

‎06/28/2023 02:52 AM

@krishna_sk can you please explain more on this point?

"A New Account is created with the same OBJECTGUID and with the new Account Name, CN & SamAccountName. But the Account type & Owner details are getting removed."

can you please explain how a new account is created with the same objectGUID? 
objectGUID is a unique attribute and is auto-generated by AD. How a newly created account is getting the same objectGUID as the existing account?

0 Kudos

Go to solution
krishna_sk
New Contributor III
New Contributor III
In response to vivekmohanty_pm

‎06/28/2023 11:28 PM

Hi @vivekmohanty_pm ,

 

At the AD end, there is only one account. But in Saviynt it is creating a Duplicate account with same OBJECTGUID whenever we make a change to the 'ServiceAccount Name' at the AD end and run the reconciliation.

Please let me know if the above answer helps or needed any further information.

 

Thank you.

0 Kudos

Go to solution
vivekmohanty_pm
Saviynt Employee
Saviynt Employee

‎07/01/2023 11:12 PM

@krishna_sk can you share your EIC version?

Also, where are you able to see the accounts? in the Service Account Management page or in the Endpoints > Accounts page?

0 Kudos

Go to solution
krishna_sk
New Contributor III
New Contributor III

‎07/03/2023 08:29 PM

Hi @vivekmohanty_pm ,

Saviynt v2020.1.2 is the version we are using. 

We are seeing the accounts under Endpoints>Accounts page and not in ARS > Manage Service Accounts (as only active accounts will be visible here).

Some more details to this, The account is getting updated successfully when we change the account attributes (CN,Firstname,SN,Displayname etc.,) at AD end and by running recon job expect SamAccountName (which is mapped to AccountName in Saviynt). It is happening only for the accounts which are managed through ARS > Manage Service Accounts tile but not for the accounts managed through ARS > Request Access for self/others.

PLease let me know if you need any further information.

 

Thank you.

0 Kudos

Go to solution
krishna_sk
New Contributor III
New Contributor III

‎09/21/2023 03:25 AM

There was a syntax isuse in the ACCOUNT_ATTRIBUTE which misses a comma (,). After updating the syntax , the issue got resolved.

[ACCOUNTID::distinguishedName#String,
name::sAMAccountName#String,
CUSTOMPROPERTY30::userAccountControl#String,
UPDATEDATE::whenChanged#date,
LASTLOGONDATE::lastLogon#millisec,
CREATED_ON::whenCreated#date,
CUSTOMPROPERTY1::objectGUID#Binary,
CUSTOMPROPERTY2::distinguishedName#String,
CUSTOMPROPERTY3::employeeID#String,
CUSTOMPROPERTY4::cn#String,
CUSTOMPROPERTY5::givenName#String,
CUSTOMPROPERTY6::sn#String,
CUSTOMPROPERTY7::displayName#String,
CUSTOMPROPERTY8::department#String,
CUSTOMPROPERTY9::title#String,
CUSTOMPROPERTY10::mail#String,
CUSTOMPROPERTY11::mobile#String,
CUSTOMPROPERTY12::telephoneNumber#String,
CUSTOMPROPERTY13::streetAddress#String,
CUSTOMPROPERTY14::st#String,
CUSTOMPROPERTY15::postalCode#String,
CUSTOMPROPERTY16::co#String,
CUSTOMPROPERTY17::c#String,
CUSTOMPROPERTY18::l#String,
CUSTOMPROPERTY19::physicalDeliveryOfficeName#String,
CUSTOMPROPERTY20::userPrincipalName#String,
CUSTOMPROPERTY21::manager#String,
CUSTOMPROPERTY22::company#String,
CUSTOMPROPERTY23::employeeNumber#String,
CUSTOMPROPERTY24::managerUPN#String,
CUSTOMPROPERTY25::employeeType#String,
CUSTOMPROPERTY32::msDS-cloudExtensionAttribute11#String,
CUSTOMPROPERTY33::msDS-cloudExtensionAttribute12#String,
CUSTOMPROPERTY35::info#String,
CUSTOMPROPERTY36::msDS-cloudExtensionAttribute10#String,
RECONCILATION_FIELD::CUSTOMPROPERTY1]

Thank you for all the response.

Copyright © 2024 Khoros, LLC