We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Update Extension Attribute in Active Directory

AnithaMavurapu
New Contributor III
New Contributor III

Hi All,

I am working on a use case, when a user is terminated extension attribute “msExchHideFromAddressLists” should get updated in AD with value “True". Did anyone designed to update this extension attribute "msExchHideFromAddressLists" in AD?, could you please advise/suggest how this can be done.

FYI - When I did browsing on this topic found below information.

AnithaMavurapu_0-1689772217259.png

Thanks

Anitha Mavurapu

6 REPLIES 6

SB
Saviynt Employee
Saviynt Employee

You can try to add the below in your JSON and see if it helps

"msExchHideFromAddressLists":"TRUE"

 


Regards,
Sahil

AnithaMavurapu
New Contributor III
New Contributor III

Hi Sahil,

I did tried with exactly the same JSON as you mentioned above in REMOVEACCOUNTACTION JSON, but Remove account task failed with below error.

“Error while Delete operation for account-testpfn.nonusemp_ln in AD, Error Deleting/Disablng the Account from AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C09105D, comment: Error in attribute conversion operation, data 0, v4563]”.

Thanks

Anitha Mavurapu

Hi @AnithaMavurapu ,

While removing the account, I don't think we can pass additional attribute to change the value in the target AD apart from below :

  • removeAction
  • moveUsertoOU
  • deleteAllGroups
  • userAccountControl

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

Hi Paddy,

Thanks for your response, if that is the case I am able to update the description attribute value in AD when a user is terminated as mention in below working REMOVEACCOUNTACTION JSON.

{
"removeAction": "SUSPEND",
"moveUsertoOU": "OU=Disabled_Test,OU=Saviynt_Test,OU=********,DC=*********,DC=******",
"deleteAllGroups": "Yes",
"userAccountControl": "514",
"description": "${if(user?.customproperty64.equals('Terminated')){String str ='' ;return str.concat('Saviynt Termination ').concat(new java.text.SimpleDateFormat('MM-dd-yyyy').format(user.enddate))}}"
}

Thanks

Anitha Mavurapu

Hi @AnithaMavurapu ,

Ohh so we can update the attributes as well along with disable/remove. Can try below in the RemoveAccountJSON. True with double qoute.

"msExchHideFromAddressLists":TRUE


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

AnithaMavurapu
New Contributor III
New Contributor III

Hi Sahil/Pandharinath,

Thanks for your response, FYI - below RemoveAccountAction JSON worked updating AD extension attribute.

{
"removeAction": "SUSPEND",
"moveUsertoOU": "OU=*********,OU=********,OU=******,DC=*****,DC=*****",
"deleteAllGroups": "Yes",
"userAccountControl": "514",
"description": "${if(user?.customproperty47.equals('Termination')){String str = '';return str.concat('Saviynt Termination ').concat(user.customproperty49)}}",
"msExchHideFromAddressLists": "TRUE"
}

Thanks

Anitha Mavurapu