Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/26/2023 11:39 PM
Hi all,
We are working on Service Account use case provisioning/Deprovision/Modify through ARS> Manage Service Account.
We had a use case to modify the Service Account Name, We don't see an option to Change the Account Name through Modify Service Account option.
We even tried to change the account name at the AD end and tried importing the accounts and the following happened.
Could you please let us know is this a expected Saviynt behavior and any feasibility to modify the account name for Service Account.
Appreciate your help!
Thank You.
Solved! Go to Solution.
06/27/2023 12:01 AM
@krishna_sk Can you share your ACCOUNT_ATTRIBUTE connection parameter?
What is your RECONCILATION_FIELD set to?
06/27/2023 11:35 PM
Hi Vivek,
Below is the Account_Attribute we are using and OBJECTGUID is the Reconciliation field we are using.
[ACCOUNTID::distinguishedName#String,
name::sAMAccountName#String,
CUSTOMPROPERTY30::userAccountControl#String,
UPDATEDATE::whenChanged#date,
LASTLOGONDATE::lastLogon#millisec,
CREATED_ON::whenCreated#date,
CUSTOMPROPERTY1::objectGUID#Binary,
CUSTOMPROPERTY2::distinguishedName#String,
CUSTOMPROPERTY3::employeeID#String,
CUSTOMPROPERTY4::cn#String,
CUSTOMPROPERTY5::givenName#String,
CUSTOMPROPERTY6::sn#String,
CUSTOMPROPERTY7::displayName#String,
CUSTOMPROPERTY8::department#String,
CUSTOMPROPERTY9::title#String,
CUSTOMPROPERTY10::mail#String,
CUSTOMPROPERTY11::mobile#String,
CUSTOMPROPERTY12::telephoneNumber#String,
CUSTOMPROPERTY13::streetAddress#String,
CUSTOMPROPERTY14::st#String,
CUSTOMPROPERTY15::postalCode#String,
CUSTOMPROPERTY16::co#String,
CUSTOMPROPERTY17::c#String,
CUSTOMPROPERTY18::l#String,
CUSTOMPROPERTY19::physicalDeliveryOfficeName#String,
CUSTOMPROPERTY20::userPrincipalName#String,
CUSTOMPROPERTY21::manager#String,
CUSTOMPROPERTY22::company#String,
CUSTOMPROPERTY23::employeeNumber#String,
CUSTOMPROPERTY24::managerUPN#String,
CUSTOMPROPERTY25::employeeType#String,
CUSTOMPROPERTY32::msDS-cloudExtensionAttribute11#String,
CUSTOMPROPERTY33::msDS-cloudExtensionAttribute12#String,
CUSTOMPROPERTY35::info#String,
CUSTOMPROPERTY36::msDS-cloudExtensionAttribute10#String
RECONCILATION_FIELD::CUSTOMPROPERTY1]
Thank you.
06/28/2023 02:52 AM
@krishna_sk can you please explain more on this point?
"A New Account is created with the same OBJECTGUID and with the new Account Name, CN & SamAccountName. But the Account type & Owner details are getting removed."
can you please explain how a new account is created with the same objectGUID?
objectGUID is a unique attribute and is auto-generated by AD. How a newly created account is getting the same objectGUID as the existing account?
06/28/2023 11:28 PM
Hi @vivekmohanty_pm ,
At the AD end, there is only one account. But in Saviynt it is creating a Duplicate account with same OBJECTGUID whenever we make a change to the 'ServiceAccount Name' at the AD end and run the reconciliation.
Please let me know if the above answer helps or needed any further information.
Thank you.
07/01/2023 11:12 PM
@krishna_sk can you share your EIC version?
Also, where are you able to see the accounts? in the Service Account Management page or in the Endpoints > Accounts page?
07/03/2023 08:29 PM
Hi @vivekmohanty_pm ,
Saviynt v2020.1.2 is the version we are using.
We are seeing the accounts under Endpoints>Accounts page and not in ARS > Manage Service Accounts (as only active accounts will be visible here).
Some more details to this, The account is getting updated successfully when we change the account attributes (CN,Firstname,SN,Displayname etc.,) at AD end and by running recon job expect SamAccountName (which is mapped to AccountName in Saviynt). It is happening only for the accounts which are managed through ARS > Manage Service Accounts tile but not for the accounts managed through ARS > Request Access for self/others.
PLease let me know if you need any further information.
Thank you.
09/21/2023 03:25 AM
There was a syntax isuse in the ACCOUNT_ATTRIBUTE which misses a comma (,). After updating the syntax , the issue got resolved.
[ACCOUNTID::distinguishedName#String,
name::sAMAccountName#String,
CUSTOMPROPERTY30::userAccountControl#String,
UPDATEDATE::whenChanged#date,
LASTLOGONDATE::lastLogon#millisec,
CREATED_ON::whenCreated#date,
CUSTOMPROPERTY1::objectGUID#Binary,
CUSTOMPROPERTY2::distinguishedName#String,
CUSTOMPROPERTY3::employeeID#String,
CUSTOMPROPERTY4::cn#String,
CUSTOMPROPERTY5::givenName#String,
CUSTOMPROPERTY6::sn#String,
CUSTOMPROPERTY7::displayName#String,
CUSTOMPROPERTY8::department#String,
CUSTOMPROPERTY9::title#String,
CUSTOMPROPERTY10::mail#String,
CUSTOMPROPERTY11::mobile#String,
CUSTOMPROPERTY12::telephoneNumber#String,
CUSTOMPROPERTY13::streetAddress#String,
CUSTOMPROPERTY14::st#String,
CUSTOMPROPERTY15::postalCode#String,
CUSTOMPROPERTY16::co#String,
CUSTOMPROPERTY17::c#String,
CUSTOMPROPERTY18::l#String,
CUSTOMPROPERTY19::physicalDeliveryOfficeName#String,
CUSTOMPROPERTY20::userPrincipalName#String,
CUSTOMPROPERTY21::manager#String,
CUSTOMPROPERTY22::company#String,
CUSTOMPROPERTY23::employeeNumber#String,
CUSTOMPROPERTY24::managerUPN#String,
CUSTOMPROPERTY25::employeeType#String,
CUSTOMPROPERTY32::msDS-cloudExtensionAttribute11#String,
CUSTOMPROPERTY33::msDS-cloudExtensionAttribute12#String,
CUSTOMPROPERTY35::info#String,
CUSTOMPROPERTY36::msDS-cloudExtensionAttribute10#String,
RECONCILATION_FIELD::CUSTOMPROPERTY1]
Thank you for all the response.