Saviynt Forums

RoniYla · ‎10/25/2023

Hi,

we are implementing Group Management and we have been successfully able to Provision a new AD group, but when we try to modify or delete a group from AD we get these pending tasks:
Delete Entitlement, Update Entitlement

The issue is that when we run the WSRETRYJOB for that endpoint these tasks are not being updated. This is the same Job that we run when we create a group and the Create Entitlement task is completed.

The Delete Entitlement, Update Entitlement tasks are not being triggered at all since the Task Update Date is not being updated and the Number of tries for provisioning is blank even if I try to run it multiple times.

This makes me think that we are missing a configuration in the AD connector but I can't find a suitable
config slot for them unlike the create which uses the 'createUpdateMappings' in AD connector.

best regards,
Roni Ylärakkola

SumathiSomala · ‎10/25/2023

@RoniYla Could you please share the createUpdateMappings

and also share the logs

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

RoniYla · ‎10/25/2023

Hi,

this is the createUpdateMappings
"cn":"${role?.customproperty27}",
"objectCategory":"CN=Group,CN=Schema,CN=******,DC=******,DC=co",
"distinguishedName":"${role?.customproperty27}",
"displayName":"${role?.displayname}",
"SamAccountName":"${role?.customproperty27}",
"name":"${role?.customproperty27}",
"description":"${role?.description}",
"objectClass":"group",
"managedBy":"${user?.customproperty1}",
"groupType": "-2147483646"

This is the only line refrencing update entitlement in logs:

2023-10-25 12:25:19,669 [quartzScheduler_Worker-3] DEBUG services.ArsTaskService - Query for Update Entitlement Tasks=
select rr from ArsTasks rr where
rr.accountKey is null and (rr.endDate = null or rr.endDate > :ed)
and rr.tasktype = 27 and rr.id in (86689,86688,86691,86690,86693,86692,86998,86687)

-Roni

pmahalle · ‎10/25/2023

Hi @RoniYla ,

Remove distinguishedName mapping from createUpdateMappings JSON and try once like below.

"cn":"${role?.customproperty27}",
"objectCategory":"CN=Group,CN=Schema,CN=******,DC=******,DC=co",
"displayName":"${role?.displayname}",
"SamAccountName":"${role?.customproperty27}",
"name":"${role?.customproperty27}",
"description":"${role?.description}",
"objectClass":"group",
"managedBy":"${user?.customproperty1}",
"groupType": "-2147483646"

Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

RoniYla · ‎10/27/2023

Hi,

tested removing distinguishedName from the createUpdateMappings and this had no effect on the provisioning. The tasks aren't updated and the Number of Provisioning stays empy:

br,

Roni

SumathiSomala · ‎10/27/2023

@RoniYla is this happening only for create/update entitlement task?

is it working for create account/add access tasks?

can you please check the below config in global configuration.

keep this config to default.

Also are you seeing any error in the logs?

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

RoniYla · ‎10/27/2023

Hi,

create entitlement is working as inteded from the beginning.
Update/Delete entitlement is not working at all.

This is the global config:

Haven't seen any errors. It seems as though its not even attempting to trigger the tasks.

br,

Roni

SumathiSomala · ‎10/27/2023

@RoniYla Could please run the WSRETRY job by removing selected options. Keep this config blank or default.

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

RoniYla · ‎10/30/2023

Hi,

thanks for the suggestion, but it didn't help.

I cleared the Task Execution Hierarchy and ran the provisioning job again, but again the tasks are untouched.

br,

Roni

Saviynt Forums

Update AD Group Management