Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Update AD Group Management

RoniYla
New Contributor
New Contributor

Hi,

we are implementing Group Management and we have been successfully able to Provision a new AD group, but when we try to modify or delete a group from AD we get these pending tasks:
Delete Entitlement, Update Entitlement

The issue is that when we run the WSRETRYJOB for that endpoint these tasks are not being updated. This is the same Job that we run when we create a group and the Create Entitlement task is completed.

The Delete Entitlement, Update Entitlement tasks are not being triggered at all since the Task Update Date is not being updated and the Number of tries for provisioning is blank even if I try to run it multiple times.

This makes me think that we are missing a configuration in the AD connector but I can't find a suitable
config slot for them unlike the create which uses the 'createUpdateMappings' in AD connector.

 

best regards,
Roni Ylärakkola

8 REPLIES 8

SumathiSomala
All-Star
All-Star

@RoniYla Could you please share the createUpdateMappings

and also share the logs

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Hi,

this is the createUpdateMappings
"cn":"${role?.customproperty27}",
"objectCategory":"CN=Group,CN=Schema,CN=******,DC=******,DC=co",
"distinguishedName":"${role?.customproperty27}",
"displayName":"${role?.displayname}",
"SamAccountName":"${role?.customproperty27}",
"name":"${role?.customproperty27}",
"description":"${role?.description}",
"objectClass":"group",
"managedBy":"${user?.customproperty1}",
"groupType": "-2147483646"

This is the only line refrencing update entitlement in logs:

2023-10-25 12:25:19,669 [quartzScheduler_Worker-3] DEBUG services.ArsTaskService - Query for Update Entitlement Tasks=
select rr from ArsTasks rr where
rr.accountKey is null and (rr.endDate = null or rr.endDate > :ed)
and rr.tasktype = 27 and rr.id in (86689,86688,86691,86690,86693,86692,86998,86687)

-Roni

Hi @RoniYla ,

Remove distinguishedName mapping from createUpdateMappings JSON and try once like below.

"cn":"${role?.customproperty27}",
"objectCategory":"CN=Group,CN=Schema,CN=******,DC=******,DC=co",
"displayName":"${role?.displayname}",
"SamAccountName":"${role?.customproperty27}",
"name":"${role?.customproperty27}",
"description":"${role?.description}",
"objectClass":"group",
"managedBy":"${user?.customproperty1}",
"groupType": "-2147483646"


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

RoniYla
New Contributor
New Contributor

Hi,

tested removing distinguishedName from the createUpdateMappings and this had no effect on the provisioning. The tasks aren't updated and the Number of Provisioning stays empy:

RoniYla_0-1698411450879.png

br,

Roni

@RoniYla is this happening only for create/update entitlement task?

is it working for create account/add access tasks?

can you please check the below config in global configuration.

keep this config to default.

SumathiSomala_0-1698411822381.png

Also are you seeing any error in the logs?

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

RoniYla
New Contributor
New Contributor

Hi,

create entitlement is working as inteded from the beginning.
Update/Delete entitlement is not working at all.

This is the global config:

RoniYla_0-1698414458614.png

Haven't seen any errors. It seems as though its not even attempting to trigger the tasks.

br,

Roni

@RoniYla Could please run the WSRETRY job by removing selected options. Keep this config blank or default.

SumathiSomala_0-1698414833421.png

 

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Hi,

thanks for the suggestion, but it didn't help.

I cleared the Task Execution Hierarchy and ran the provisioning job again, but again the tasks are untouched.

RoniYla_2-1698655759069.png

 

RoniYla_3-1698655770735.png

br,

Roni