
Unable to pass Manager and AccountExpires attributes to AD

Mohit_Sanka
New Contributor II

Hi Team,

We are unable to pass the Manager and Account expires attributes to AD. Below is the JSON we tried:

{
"accountExpires": "${user.enddate != null ? (new Date(user.enddate).getTime() * 10000) + 116444736000000000 : 0}",
"cn": "${cn}",
"co": "${user.country}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeetype": "${user.employeeType}",
"givenName": "${user.firstname}",
"l": "${user.city}",
"mail": "${user.email}",
"employeenumber":"${user.employeeID==null?'':user.employeeID}",
"userPrincipalName": "${user.email}",
"name": "${user.username}",
"objectClass": ["top","person","organizationalPerson","user"],
"pwdLastSet": "0",
"sAMAccountName": "${task.accountName}",
"sn": "${user.lastname}",
"st": "${user.customproperty10}",
"streetAddress": "${user.street}",
"manager": "${managerAccount.comments}",
"title": "${user.JOB_FUNCTION}",
"description": "${'Created by Saviynt on ' + new Date().format('yyyy-MM-dd')}",
"extensionAttribute3": "${user.customproperty14}",
"userAccountControl": "512"
}

We are trying to pass the Enddate of the user to accountExpires and manager's DN was stored in comments and CP28 of the account. Below is the error we are getting while trying to process the task.

Error for Manager attribute:

Checking DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan.Not FOund DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan. Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-031533C8, #1: 0: 000020B5: DSID-031533C8, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager) ]

Binding Map in Logs:
CreateAccount - Binding map is..[ServiceAccountOwnerMap:[:], endpointsObj:Active Directory, entitlementValuesObj:null, manager:ssganguly, usersObj:lkrshukla, randomPassword:****, usersManagerObj:ssganguly, managerAccount:ssganguly, userAttributesMap:[:], password:****, task:com.saviynt.ecm.task.ArsTasks : 80, requestAccessAttributes:[:], user:lkrshukla, account:lkrshukla, arstasksObj:com.saviynt.ecm.task.ArsTasks : 80, accountsObj:[name:lkrshukla]]

 

Error for AccountExpires:

Checking DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan.Not FOund DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan. Error while creating account in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839]


NM
Honored Contributor II

Hi @Mohit_Sanka, the manager attribute of AD requires a DN value.

Use managerAccount.customproperty37

*Do confirm the customproperty*

For account expire, instead of user, try sending a blank/empty value like this: ''

Mohit_Sanka
New Contributor II

Hi @NM ,

I did try passing a customproperty like CP28, which has the same DN value as Comments, but I am still getting the same error.
For Account expire, we are not getting any error if we pass 0 as the value.

@Mohit_Sanka To troubleshoot the issue, try the JSON below and share the logs:

{
"accountExpires": "0",
"co": "${user.country}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeetype": "${user.employeeType}",
"givenName": "${user.firstname}",
"l": "${user.city}",
"mail": "${user.email}",
"employeenumber":"${user.employeeID==null?'':user.employeeID}",
"userPrincipalName": "${user.email}",
"name": "${user.username}",
"objectClass": ["top","person","organizationalPerson","user"],
"pwdLastSet": "0",
"sAMAccountName": "${task.accountName}",
"sn": "${user.lastname}",
"st": "${user.customproperty10}",
"streetAddress": "${user.street}",
"manager":"${managerAccount==null?'':managerAccount.comments}",
"title": "${user.job_function}",
"description": "${'Created by Saviynt on ' + new Date().format('yyyy-MM-dd')}",
"extensionAttribute3": "${user.customproperty14}",
"userAccountControl": "512"
}

 

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Hi @SumathiSomala,

We did try to pass the manager details with a null check, but it still failed. Logs are attached below.

 

Regards,

Mohit.

"manager":"${managerAccount?.accountID}"


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM
Honored Contributor II

@Mohit_Sanka can you share logs after running prov job?

Also if you try passing account expire field without manager field in json.
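
An added example, not part of the original thread and not Saviynt code: a Python pre-flight check for the two values discussed above, the accountExpires interval built from an end date and the DN form that the manager attribute requires. It assumes accountExpires is sent as a decimal string of 100-nanosecond intervals since 1601-01-01 UTC, with 0 meaning the account never expires; the function names and sample values are constructed for illustration.

```python
import re
from datetime import datetime, timezone

AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # start of the AD interval clock
NEVER = "0"                   # 0 = account never expires
MAX_INTERVAL = 2**63 - 1      # accountExpires is a signed 64-bit integer

def to_account_expires(end):
    """Return accountExpires as a decimal string; None means 'never'."""
    if end is None:
        return NEVER
    if end.tzinfo is None:    # assumption: naive datetimes are UTC
        end = end.replace(tzinfo=timezone.utc)
    delta = end - AD_EPOCH
    # Integer arithmetic only, so no float rounding or exponent notation.
    secs = delta.days * 86400 + delta.seconds
    return str(secs * 10_000_000 + delta.microseconds * 10)

# One RDN: attribute name (or dotted OID), '=', then a non-empty value.
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=\s*\S.*$")

def looks_like_dn(value):
    """Syntax check only: comma-separated attr=value parts, '\\,' kept intact."""
    parts = re.split(r"(?<!\\),", value)
    return bool(value) and all(_RDN.match(p) for p in parts)

def check_payload(attrs):
    """Return a list of problems found in a rendered attribute map."""
    problems = []
    exp = str(attrs.get("accountExpires", NEVER))
    if not re.fullmatch(r"[0-9]+", exp) or int(exp) > MAX_INTERVAL:
        problems.append(f"accountExpires is not a valid interval: {exp!r}")
    mgr = attrs.get("manager", "")
    if mgr and not looks_like_dn(mgr):
        problems.append(f"manager is not a distinguished name: {mgr!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    good = {"accountExpires": to_account_expires(datetime(2025, 1, 1)),
            "manager": "CN=Example Manager,OU=Users,DC=example,DC=test"}
    bad = {"accountExpires": "1.33801632E17", "manager": "examplemanager"}
    print(check_payload(good))   # no problems reported
    for problem in check_payload(bad):
        print(problem)
```

A manager value that passes this syntax check must still be the DN of an object that exists in the directory.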