Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/05/2024 03:44 AM
Hi Team,
We are unable to pass the Manager and Account expires attributes to AD and below is the JSON we tried
{
"accountExpires": "${user.enddate != null ? (new Date(user.enddate).getTime() * 10000) + 116444736000000000 : 0}",
"cn": "${cn}",
"co": "${user.country}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeetype": "${user.employeeType}",
"givenName": "${user.firstname}",
"l": "${user.city}",
"mail": "${user.email}",
"employeenumber":"${user.employeeID==null?'':user.employeeID}",
"userPrincipalName": "${user.email}",
"name": "${user.username}",
"objectClass": ["top","person","organizationalPerson","user"],
"pwdLastSet": "0",
"sAMAccountName": "${task.accountName}",
"sn": "${user.lastname}",
"st": "${user.customproperty10}",
"streetAddress": "${user.street}",
"manager": "${managerAccount.comments}",
"title": "${user.JOB_FUNCTION}",
"description": "${'Created by Saviynt on ' + new Date().format('yyyy-MM-dd')}",
"extensionAttribute3": "${user.customproperty14}",
"userAccountControl": "512"
}
We are trying to pass the Enddate of the user to accountExpires and manager's DN was stored in comments and CP28 of the account. Below is the error we are getting while trying to process the task.
Error for Manager attribute:
Checking DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan.Not FOund DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan. Error while creating account in AD - [LDAP: error code 19 - 000020B5: AtrErr: DSID-031533C8, #1: 0: 000020B5: DSID-031533C8, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager) ]
Binding Map in Logs:
CreateAccount - Binding map is..[ServiceAccountOwnerMap:[:], endpointsObj:Active Directory, entitlementValuesObj:null, manager:ssganguly, usersObj:lkrshukla, randomPassword:****, usersManagerObj:ssganguly, managerAccount:ssganguly, userAttributesMap:[:], password:****, task:com.saviynt.ecm.task.ArsTasks : 80, requestAccessAttributes:[:], user:lkrshukla, account:lkrshukla, arstasksObj:com.saviynt.ecm.task.ArsTasks : 80, accountsObj:[name:lkrshukla]]
Error for AccountExpires:
Checking DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan.Not FOund DN for CN=lkrshukla,OU=Users,OU=SaviyntOU1,OU=Test,DC=hlm,DC=ssc,DC=lan. Error while creating account in AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C0911AD, comment: Error in attribute conversion operation, data 0, v3839]
Solved! Go to Solution.
08/05/2024 04:54 AM
Hi @Mohit_Sanka , manager attribute of AD requires DN value
Use managerAccount.customproperty37
*Do confirm the customproperty*
Account expire instead of user try sending blank/empty value like this ''
08/05/2024 04:58 AM
Hi @NM ,
I did tried passing the customproperty like CP28 which has the DN value same like Comments. but still getting the same error.
For Account expire we are not getting any error if we are passing 0 as the value.
08/05/2024 05:44 AM - edited 08/05/2024 05:47 AM
@Mohit_Sanka To troubleshoot the issue try below JSON and share the logs
{
"accountExpires": "0",
"co": "${user.country}",
"department": "${user.departmentname}",
"displayname": "${user.displayname}",
"employeetype": "${user.employeeType}",
"givenName": "${user.firstname}",
"l": "${user.city}",
"mail": "${user.email}",
"employeenumber":"${user.employeeID==null?'':user.employeeID}",
"userPrincipalName": "${user.email}",
"name": "${user.username}",
"objectClass": ["top","person","organizationalPerson","user"],
"pwdLastSet": "0",
"sAMAccountName": "${task.accountName}",
"sn": "${user.lastname}",
"st": "${user.customproperty10}",
"streetAddress": "${user.street}",
"manager":"${managerAccount==null?'':managerAccount.comments}",
"title": "${user.job_function}",
"description": "${'Created by Saviynt on ' + new Date().format('yyyy-MM-dd')}",
"extensionAttribute3": "${user.customproperty14}",
"userAccountControl": "512"
}
08/05/2024 05:56 AM
Hi @SumathiSomala ,
We did tried to pass the manager details with null check but it still failed. Logs are attached below.
Regards,
Mohit.
08/05/2024 06:51 PM - edited 08/05/2024 06:52 PM
"manager":"${managerAccount?.accountID}"
08/05/2024 05:12 AM - edited 08/05/2024 05:13 AM
@Mohit_Sanka can you share logs after running prov job?
Also if you try passing account expire field without manager field in json.
10/08/2024 06:23 AM
I am also trying to set accountexpires and verified that this works for me in the updateaccountjson:
"accountExpires": "${if(user.enddate != null){10000*(user.enddate.getTime() + 11644646400000)} else {'0'}}",
This is what we use for manager:
"manager": "${managerAccount.accountID !=null?(managerAccount.accountID):''}",
I found it in this SAV document: https://docs.saviyntcloud.com/bundle/ADSI-v2021x/page/Content/Troubleshooting.htm
But it was off by 2 days so I adjusted the offset millisecs at the end and now it assigns the date that's set in end date.
10/08/2024 09:58 AM
What is not working
?
10/08/2024 10:02 AM
Hi All,
It is working now and we are able to pass Manager and Account expires details to AD. The issue was with a different attributes which were causing issue and throwing an error to pass Manager or other attributes.
We are able to fix post some analysis on the attribute mapping.
Thanks & Regards,
Mohit Srinath Sanka.
10/08/2024 10:08 AM
Please share working JSON
10/08/2024 10:10 AM
Please find the working JSON
{
"accountExpires": "${user.enddate == null? '9223372036854775807' : (10000*(user.enddate.getTime() + 11644473600000)).toString()}",
"cn": "${cn}",
"co": "${user.country==null?'':user.country}",
"department": "${user.departmentname==null?'':user.departmentname}",
"displayname": "${user.displayname==null?'':user.displayname}",
"employeetype": "${user.employeeType==null?'':user.employeeType}",
"givenName": "${user.firstname==null?'':user.firstname}",
"mail": "${user.email==null?'':user.email}",
"name": "${user.username==null?'':user.username}",
"objectClass": ["top","person","organizationalPerson","user"],
"pwdLastSet": "0",
"sAMAccountName": "${task.accountName}",
"sn": "${user.lastname==null?'':user.lastname}",
"userAccountControl": "512",
"manager": "${managerAccount==null?'':managerAccount.customproperty28}",
"employeenumber": "${user.employeeid==null?'':user.employeeid}",
"description": "${'Created by Saviynt on ' + new Date().format('yyyy-MM-dd')}",
"userPrincipalName": "${user.email==null?'':user.email}",
"extensionAttribute3": "${user.customproperty14==null?'':user.customproperty14}",
"title": "${user.job_function==null?'':user.job_function}"
}