
Set AccountExpires in AD and Move User to Different OU for Leavers

LokeshSoundar1
New Contributor

Hi,

 

I have a requirement where, for leavers, on the day of their leaving, I need to only set the Account Expires to their leave date and move them to the Leavers OU in AD, and I do not need to update their status to disabled.

My questions are,

1. Can I use disable Account JSON to do this? If yes, then wouldn't it set the status of the account as inactive in Saviynt?

2. If I use Update Account JSON, can I use MoveUsertoOU to move the account to different OU?

3. And if I need to use only Update Account JSON for this, can I include a condition to update Account Expires only for leavers? For the rest of the scenarios, it shouldn't even pass that attribute.

Appreciate any help.

 

Regards,

Lokesh

7 REPLIES

Raghu
All-Star

@LokeshSoundar1 check the below as a reference

 
 

{
"moveUsertoOU": "OU=DeletedUsers,DC=abccompany,DC=com",
"deleteAllGroups": "Yes",
"userAccountControl": "514",
"password": "${randomPassword}"
}

https://forums.saviynt.com/t5/identity-governance/ad-disable-account/m-p/49388

 

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

rushikeshvartak
All-Star

1. Can I use disable Account JSON to do this? If yes, then wouldn't it set the status of the account as inactive in Saviynt? - Yes / status gets controlled by status threshold configuration

2. If I use Update Account JSON, can I use MoveUsertoOU to move the account to different OU? - Yes https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Provisioni...

3. And if I need to use only Update Account JSON for this, can I include a condition to update Account Expires only for leavers? For the rest of the scenarios, it shouldn't even pass that attribute. - You can't skip some attributes


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

And also for point 3, I think I can use an if-else block in the JSON to check if the user's leave date is today or is in the past, then set the accountexpires in the if block, and in the else block I can keep the rest of my logic.

LokeshSoundar1
New Contributor

Hi Rushikesh,

Thanks for your response. As per the AD documentation (https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Provisioni...),

I can see that we can use MoveusertoOU in update account JSON.

 

 

@LokeshSoundar1 We can use moveUsertoOU in update accountAD.

Earlier I have used it in one of the implementations.

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

Thanks Sumathi. I have a couple of follow up questions.

1. How can I set AccountExpires in AD with the end date value in Saviynt?

2. How can I update the SamAccountName, CN, DN and Mail fields in AD if the first name or last name is updated? And also, can I use the Account Name rule and check for uniqueness for this, or is this only supported for create account?

If you can share any sample JSON, it would be great.

Thanks,

Lokesh

  1. For AccountExpires, refer to https://forums.saviynt.com/t5/identity-governance/case-statement-and-accountexpires-attribute-throwi...
  2. The Account Name rule is used during account creation

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
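
Added example, not part of the thread and not Saviynt code: AD stores accountExpires as a count of 100-nanosecond intervals since 1601-01-01 UTC, with 0 and 0x7FFFFFFFFFFFFFFF both meaning "never expires". The Python below converts a leave date to that integer, decodes it back for verification, and checks whether a userAccountControl value such as the 514 in the reference JSON above has the disable bit set. The function names and the sample date are constructed for illustration.

```python
from datetime import datetime, timezone, timedelta

# AD stores accountExpires as 100-ns intervals since 1601-01-01 00:00:00 UTC.
AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Both sentinel values mean "never expires".
NEVER = (0, 0x7FFFFFFFFFFFFFFF)
# userAccountControl bit flags (Microsoft-documented values).
UAC_ACCOUNTDISABLE = 0x0002
UAC_NORMAL_ACCOUNT = 0x0200


def to_account_expires(when: datetime) -> int:
    """Convert a timezone-aware datetime to an AD accountExpires integer."""
    if when.tzinfo is None:
        raise ValueError("leave date must be timezone-aware")
    delta = when.astimezone(timezone.utc) - AD_EPOCH
    # Integer arithmetic avoids float rounding on 18-digit values.
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def from_account_expires(value: int):
    """Return the expiry as a UTC datetime, or None if the account never expires."""
    if value in NEVER:
        return None
    return AD_EPOCH + timedelta(microseconds=value // 10)


def is_expired(value: int, now: datetime) -> bool:
    """True once 'now' has reached the accountExpires instant."""
    expiry = from_account_expires(value)
    return expiry is not None and now >= expiry


def is_disabled(uac: int) -> bool:
    """True if the ACCOUNTDISABLE bit is set in userAccountControl."""
    return bool(uac & UAC_ACCOUNTDISABLE)


if __name__ == "__main__":
    # Constructed sample: a leaver whose account expires at 2025-01-01 00:00 UTC.
    leave = datetime(2025, 1, 1, tzinfo=timezone.utc)
    value = to_account_expires(leave)
    print(value, from_account_expires(value))
    # 514 = NORMAL_ACCOUNT | ACCOUNTDISABLE; 512 = NORMAL_ACCOUNT only (enabled).
    print(514 == (UAC_NORMAL_ACCOUNT | UAC_ACCOUNTDISABLE), is_disabled(514), is_disabled(512))
```

Running the decode over an export of the Leavers OU shows which accounts are expired but still enabled (512) and which were also disabled (514).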