Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/08/2023 06:37 PM
We have run the Windows bootstrap for on-premises Windows systems, It detected all the local accounts and imported them into the Windows endpoint in Saviynt, however, when we renamed the target account and ran the Windows bootstrap, the new account name did not update.
Is this a know bug or any configuration changes are required in target connection ?
10/09/2023 10:20 AM
@suresh_ravuri: Can you share the ReconcileJSON?
10/09/2023 10:22 AM
{
"ACCOUNT": [
{
"property": "NAME",
"value": "${User}",
"Datatype": "String"
},
{
"property": "DESCRIPTION",
"value": "${Description}",
"Datatype": "String"
},
{
"property": "DISPLAYNAME",
"value": "${FullName}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY22",
"value": "${Enabled}",
"Datatype": "Boolean"
},
{
"property": "ACCOUNTID",
"value": "${SID}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY1",
"value": "${User}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY2",
"value": "${AccountExpires}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY3",
"value": "${PrincipalSource}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY4",
"value": "${ObjectClass}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY5",
"value": "${SID}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY6",
"value": "${PasswordChangeableDate}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY7",
"value": "${PasswordExpires}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY8",
"value": "${UserMayChangePassword}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY9",
"value": "${PasswordRequired}",
"Datatype": "String"
},
{
"property": "RECONCILIATION_FIELD",
"value": "ACCOUNTID",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY11",
"value": "${PSComputerName}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY12",
"value": "${PSShowComputerName}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY13",
"value": "${UserComment}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY14",
"value": "${CountryCode}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY15",
"value": "${WorkstationAllowed}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY16",
"value": "${LogonScript}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY17",
"value": "${UserProfile}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY18",
"value": "${HomeDirectory}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY19",
"value": "${LogonHoursAllowed}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY20",
"value": "${LocalGroupMemberships}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY21",
"value": "${GlobalGroupMemberships}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY30",
"value": "${Enabled}",
"Datatype": "String"
},
{
"property": "TARGETLASTPASSWORDCHANGE",
"value": "${PasswordLastSet}",
"Datatype": "Date"
},
{
"property": "ACCOUNTTYPE",
"value": "${AccountType}",
"Datatype": "String"
}
],
"ACCOUNT_ATTRIBUTES": [
{
"property": "GROUPID",
"value": "${Group}",
"Datatype": "String"
},
{
"property": "USERFLAGS",
"value": "${UserFlags}",
"Datatype": "Integer"
},
{
"property": "COMPUTERNAME",
"value": "${PSComputerName}",
"Datatype": "String"
},
{
"property": "PRINCIPALSOURCE",
"value": "${PrincipalSource}",
"Datatype": "String"
}
],
"ENTITLEMENT": [
{
"property": "TYPE",
"value": "Group",
"Datatype": "String"
},
{
"property": "ENTITLEMENT_VALUE",
"value": "${Group}",
"Datatype": "String"
},
{
"property": "ENTITLEMENTID",
"value": "${Group}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY1",
"value": "${SID}",
"Datatype": "binary"
},
{
"property": "CUSTOMPROPERTY2",
"value": "${PrincipalSource}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY3",
"value": "${ObjectClass}",
"Datatype": "String"
},
{
"property": "Description",
"value": "${Description}",
"Datatype": "String"
},
{
"property": "CUSTOMPROPERTY4",
"value": "${GroupName}",
"Datatype": "String"
},
{
"property": "ENTITLEMENTMAPPINGJSON",
"value": "${ChildEntitlements}",
"Datatype": "String"
}
]
}
10/09/2023 10:35 AM
@Saathvik any changes required to ReconcileJSON ?
10/09/2023 12:55 PM
@suresh_ravuri No I see it looks okay. So if understand correctly account import is successful even after account name changes but only thing is you don't see new account name reflecting instead it still shows old name?
Also by any chance do you see any new entry with new account name?
10/09/2023 01:48 PM
Yes, account name is not reflecting in the endpoint and there is no new entry for the account.
10/13/2023 07:48 AM
@suresh_ravuri @Saathvik This seems to be a limitation and it got introduced in 23.10. Please see the key highlights in the release notes. Link is in the right widget ("Recent Documentation updates") of the Forums -> PAM home page.
Thanks
Nagesh K
10/13/2023 10:15 AM
@NageshK : Thanks Nagesh for pointing this out. But I don't see respective document is talking about this new feature and any changes required in JSON or configurations. I have provided the feedback to documentation team on the same.