Saviynt Forums

@SowmithriV , is mapping working for PrimaryGroupID?

yes I can see Primary Groups mapped to the accounts. Account-Ent Mapping is working. 

try removing ADDUSERENT and only keeping MemberENT once...

and also, what is the accountID set currently? ObjectGuid or DN

Here are a few steps you can take to troubleshoot this issue:

1. Verify Group Exists: Ensure that the group with the ID "1181" exists in Active Directory.

2. Check Attribute Mapping: Double-check the attributes being used in the ADD operation. Make sure that all required attributes are being provided and that their values are correctly formatted.

3. Permission Check: Ensure that the account you're using to perform the ADD operation has the necessary permissions to add users to groups in Active Directory.

4. Data Validation: Check if there are any constraints on the attributes you're trying to set. For example, if the group has restrictions on the types of users that can be added, ensure that the user you're trying to add meets those criteria.

5. Syntax Issues: 

6. Review Logs: 

Hi @rushikeshvartak and @NM Thank you for your responses. We were able to update the primary group of an AD account by,

1. Adding the new group to the account
2. Setting it as primary for the account
3. Removing the old group from the account

Right now we have created an analytics to generate add access of the new group and when the workday recon runs, it triggers the disable task (includes removing all the groups + setting the group added via analytics as primary). Problem now is, since the workday recon marks the status of the user as inactive, the add access generated by the Analytics is not getting provisioned and we are seeing "User xxx is not active" in the Provisioning Comments.

Is there any other way to handle it?

@NM @rushikeshvartak ,  There are chances, there will be new terminations entered during the Workday recon run dynamically which will be missed, if we use the Analytics.