Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Update Extension Attribute in Active Directory

AnithaMavurapu
New Contributor III
New Contributor III

Hi All,

I am working on a use case, when a user is terminated extension attribute “msExchHideFromAddressLists” should get updated in AD with value “True". Did anyone designed to update this extension attribute "msExchHideFromAddressLists" in AD?, could you please advise/suggest how this can be done.

FYI - When I did browsing on this topic found below information.

AnithaMavurapu_0-1689772217259.png

Thanks

Anitha Mavurapu

6 REPLIES 6

SB
Saviynt Employee
Saviynt Employee

You can try to add the below in your JSON and see if it helps

"msExchHideFromAddressLists":"TRUE"

 


Regards,
Sahil

AnithaMavurapu
New Contributor III
New Contributor III

Hi Sahil,

I did tried with exactly the same JSON as you mentioned above in REMOVEACCOUNTACTION JSON, but Remove account task failed with below error.

“Error while Delete operation for account-testpfn.nonusemp_ln in AD, Error Deleting/Disablng the Account from AD - [LDAP: error code 21 - 00000057: LdapErr: DSID-0C09105D, comment: Error in attribute conversion operation, data 0, v4563]”.

Thanks

Anitha Mavurapu

Hi @AnithaMavurapu ,

While removing the account, I don't think we can pass additional attribute to change the value in the target AD apart from below :

  • removeAction
  • moveUsertoOU
  • deleteAllGroups
  • userAccountControl

Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

Hi Paddy,

Thanks for your response, if that is the case I am able to update the description attribute value in AD when a user is terminated as mention in below working REMOVEACCOUNTACTION JSON.

{
"removeAction": "SUSPEND",
"moveUsertoOU": "OU=Disabled_Test,OU=Saviynt_Test,OU=********,DC=*********,DC=******",
"deleteAllGroups": "Yes",
"userAccountControl": "514",
"description": "${if(user?.customproperty64.equals('Terminated')){String str ='' ;return str.concat('Saviynt Termination ').concat(new java.text.SimpleDateFormat('MM-dd-yyyy').format(user.enddate))}}"
}

Thanks

Anitha Mavurapu

Hi @AnithaMavurapu ,

Ohh so we can update the attributes as well along with disable/remove. Can try below in the RemoveAccountJSON. True with double qoute.

"msExchHideFromAddressLists":TRUE


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

AnithaMavurapu
New Contributor III
New Contributor III

Hi Sahil/Pandharinath,

Thanks for your response, FYI - below RemoveAccountAction JSON worked updating AD extension attribute.

{
"removeAction": "SUSPEND",
"moveUsertoOU": "OU=*********,OU=********,OU=******,DC=*****,DC=*****",
"deleteAllGroups": "Yes",
"userAccountControl": "514",
"description": "${if(user?.customproperty47.equals('Termination')){String str = '';return str.concat('Saviynt Termination ').concat(user.customproperty49)}}",
"msExchHideFromAddressLists": "TRUE"
}

Thanks

Anitha Mavurapu