03/07/2024 02:33 AM
Hi Team,
I am working on new joiners and provisioning their accounts into the Active Directory. I am using 23.12.
We referred to the following forum post (https://forums.saviynt.com/t5/identity-governance/map-inactive-manager-in-active-directory/m-p/36000...) and tried the following variations:
Option 1 = "manager":"${managerAccount.accountID}",
Option 2 = "manager": "${managerAccount==null?'':managerAccount.accountID}",
Option 3 = "manager": "${ if (managerAccount == null || managerAccount?.accountID == null || managerAccount?.accountID == ''){''} else {managerAccount?.accountID} }",
All these options work when the manager is active. However, if the manager is inactive, account creation itself fails with the following errors:
Option 1 = Checking DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Not FOund DN for CN=ABarrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM.
Error while creating account in AD - Cannot get property 'accountID' on null object
Option 2 = Checking DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Not FOund DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0 ]
Option 3 = Checking DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Not FOund DN for CN=A Barrales (abarrales),OU=Active,OU=Accounts,OU=Bank,OU=CORP,DC=DOMAIN,DC=COM. Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0 ]
03/07/2024 02:41 AM
@yatishtiwari can you try manager like below:
"Manager":"${manager==null?"":manager.username}",
03/07/2024 03:11 AM
Hi Raghu,
Thank you for the response. Now I am facing the following issue:
[LDAP: error code 19 - 000020B5: AtrErr: DSID-03153438, #1: 0: 000020B5: DSID-03153438, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager) ]
03/07/2024 03:25 AM
Can you try the attribute below in your JSON?
"REUSEINACTIVEACCOUNT" : "TRUE"
or
"REUSEINACTIVEACCOUNT" : TRUE
03/07/2024 04:28 AM
03/07/2024 02:53 AM
Hi @yatishtiwari, can you try in AD directly, creating a new account with an inactive manager? If not, then Saviynt can't as well. You can have a dynamic attribute in the form for the manager's AD account status and use that in an if-else condition to pass empty when the manager is inactive.
Thanks,
Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.