Hi Team,
I am working on new joiners and provisioning their accounts into the Active Directory. I am using 23.12.
We referred to the following forum post (https://forums.saviynt.com/t5/identity-governance/map-inactive-manager-in-active-directory/m-p/36000...) and tried the following variations:
Option 1 = "manager":"${managerAccount.accountID}",
Option 2 = "manager": "${managerAccount==null?'':managerAccount.accountID}",
Option 3 = "manager": "${ if (managerAccount == null || managerAccount?.accountID == null || managerAccount?.accountID == ''){''} else {managerAccount?.accountID} }",
All these options working when the manager is active. However, if the manager is inactive, account creation itself is getting failed with following errors-
Option 1 = Checking DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Not FOund DN for CN=ABarrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM.
Error while creating account in AD - Cannot get property 'accountID' on null object
Option 2 = Checking DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Not FOund DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0 ]
Option 3 = Checking DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Not FOund DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0 ]
Is there any recent change or any permission we need to assign AD service account? Or I am missing some point.
Thanks,
Yatish
