Hi Team -
I am seeing an issue with the User Account Correlation rule with AD Account Import. The import is bringing all the AD accounts but not syncing it with the respective user identities. I am simply mapping username=name. Below are the configurations I have. I do not find much details in the logs about it too? Can someone please advise if it is missing anything ? the username and name are the same values for all users
ACCOUNT_ATTRIBUTE:
[
name::danaher-SharedServices-EmployeeID#String,
DISPLAYNAME::displayName#String,
CUSTOMPROPERTY1::CN#String,
CUSTOMPROPERTY2::sn#String,
CUSTOMPROPERTY3::givenName#String,
CUSTOMPROPERTY4::sAMAccountName#String,
CUSTOMPROPERTY5::distinguishedName#String,
CUSTOMPROPERTY6::danaher-SharedServices-EmployeeStatus#String,
CUSTOMPROPERTY7::objectGUID#Binary,
UPDATEDATE::whenChanged#date,
CREATED_ON::whenCreated#date,
ACCOUNTCLASS::objectClass#String,
ACCOUNTID::distinguishedName#String,
RECONCILATION_FIELD::CUSTOMPROPERTY7
]
STATUS_THRESHOLD_CONFIG:
{
"statusAndThresholdConfig": {
"statusColumn": "customproperty6",
"activeStatus": ["Active", "On Leave"],
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": true
}
}
@SB thank you for the response. Below is the logs info. Looks like it is not correlating any of the accounts with its identities. Please can you advise.
2023-03-22/10:14:09.681 [{}] [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Associating Users and Accounts
2023-03-22/10:14:10.415 [{}] [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Orphan Accounts- 14466
2023-03-22/10:14:10.415 [{}] [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Rule: (users.username) = accounts.name
2023-03-22/10:14:10.415 [{}] [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - sql =
SELECT USERS.USERKEY AS USERKEY, ACCOUNTS.ACCOUNTKEY AS ACCOUNTKEY FROM ACCOUNTS ACCOUNTS
LEFT JOIN USER_ACCOUNTS UA ON ACCOUNTS.ACCOUNTKEY = UA.ACCOUNTKEY
LEFT JOIN USERS USERS ON
(users.username) = accounts.name
WHERE ACCOUNTS.ENDPOINTKEY = 8 AND ACCOUNTS.STATUS IN ('Active','InActive','1','Manually Provisioned','2','SUSPENDED FROM IMPORT SERVICE','Manually Suspended')
AND ACCOUNTS.ACCOUNTKEY IS NOT NULL AND UA.ACCOUNTKEY IS NULL
AND ACCOUNTS.NAME IS NOT NULL AND USERS.USERNAME IS NOT NULL
2023-03-22/10:14:10.659 [{}] [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Total accounts to be correlated = 0
2023-03-22/10:14:10.660 [{}] [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - User-accounts correlated: 0
2023-03-22/10:14:10.928 [{}] [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Orphan Accounts remaining- 14466
@SB I am also observing that the status values is null for the accounts probably due to which it is not satisfying the correlation query. Here is what I see for a sample user.
But customproperty 6 has 'Active' for this user and we are setting the status using this as per the status_threshold config. Any reason why it would fail to update the status ?
