Access Request for two different domain

anshu77 · March 23, 2024, 5:04am

Which IIQ version are you inquiring about?

Version 8.3

Share all details related to your problem, including any error messages you may have received.

Access Request for two different domain
Hello Experts,

I have two domain controller, I am trying to add a member from 1 DC user to 2 DC’s entitlement. I saw that multi domain but I am finding it very difficult to implement.

Kindly help in the batchrun or advise.

https://community.sailpoint.com/t5/Technical-White-Papers/Integrating-with-Active-Directory-Multi-Do…

operation,application,attributeName,attributeValue,nativeIdentity
“AddEntitlement”,“Active Directory”,“memberOf”,“CN=test_group1,OU=MINE Groups,OU=MINE-MINEI ,OU=MINEEE D,DC=MIN,DC=MINEEE,DC=com”,“CN=Test User1,OU=CTD Users,OU=MINEEE Data,DC=MINEEEctd,DC=com”

Error -

sailpoint.tools.GeneralException: Exception occurred while executing the RPCRequest: Errors returned from IQService. Object reference not set to an instance of an object. at sailpoint.connector.RPCService.execute(RPCService.java:540) at sailpoint.connector.ADLDAPConnector.handleObjectRequest(ADLDAPConnector.java:6080) at sailpoint.connector.ADLDAPConnector.provision(ADLDAPConnector.java:5288) at sailpoint.connector.ConnectorProxy.provision(ConnectorProxy.java:1113) at sailpoint.integration.ConnectorExecutor.provision(ConnectorExecutor.java:160) at sailpoint.provisioning.PlanEvaluator.provision(PlanEvaluator.java:1630) at sailpoint.provisioning.PlanEvaluator.execute(PlanEvaluator.java:956) at sailpoint.provisioning.PlanEvaluator.execute(PlanEvaluator.java:839) at sailpoint.provisioning.PlanEvaluator.execute(PlanEvaluator.java:738) at sailpoint.api.Provisioner.execute(Provisioner.java:1732) at sailpoint.workflow.IdentityLibrary.provisionProject(IdentityLibrary.java:3199) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sailpoint.server.ScriptletEvaluator.doCall(ScriptletEvaluator.java:134) at sailpoint.server.ScriptletEvaluator.evalSource(ScriptletEvaluator.java:63) at sailpoint.api.Workflower.evalSource(Workflower.java:5938) at sailpoint.api.Workflower.advanceStep(Workflower.java:5177) at sailpoint.api.Workflower.advance(Workflower.java:4564) at sailpoint.api.Workflower.startCase(Workflower.java:3150) at sailpoint.api.Workflower.launchSubcase(Workflower.java:5480) at sailpoint.api.Workflower.launchSubcases(Workflower.java:5373) at sailpoint.api.Workflower.advanceStep(Workflower.java:5164) at sailpoint.api.Workflower.advance(Workflower.java:4564) at sailpoint.api.Workflower.startCase(Workflower.java:3150) at sailpoint.api.Workflower.launchSubcase(Workflower.java:5480) at sailpoint.api.Workflower.launchSubcases(Workflower.java:5373) at sailpoint.api.Workflower.advanceStep(Workflower.java:5164) at sailpoint.api.Workflower.advance(Workflower.java:4564) at sailpoint.api.Workflower.startCase(Workflower.java:3150) at sailpoint.api.Workflower.launchSubcase(Workflower.java:5480) at sailpoint.api.Workflower.launchSubcases(Workflower.java:5373) at sailpoint.api.Workflower.advanceStep(Workflower.java:5164) at sailpoint.api.Workflower.advance(Workflower.java:4564) at sailpoint.api.Workflower.startCase(Workflower.java:3150) at sailpoint.api.Workflower.launchInner(Workflower.java:2819) at sailpoint.api.Workflower.launch(Workflower.java:2672) at sailpoint.api.Workflower.launchSession(Workflower.java:2542) at sailpoint.api.IdentityLifecycler.launchUpdate(IdentityLifecycler.java:144) at sailpoint.api.IdentityLifecycler.launchUpdate(IdentityLifecycler.java:164) at sailpoint.workflow.BatchRequestLibrary.runWorkflow(BatchRequestLibrary.java:406) at sailpoint.workflow.BatchRequestLibrary.launchBatchWorkflows(BatchRequestLibrary.java:365) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sailpoint.server.ScriptletEvaluator.doCall(ScriptletEvaluator.java:134) at sailpoint.server.ScriptletEvaluator.evalSource(ScriptletEvaluator.java:63) at sailpoint.api.Workflower.evalSource(Workflower.java:5938) at sailpoint.api.Workflower.advanceStep(Workflower.java:5177) at sailpoint.api.Workflower.advance(Workflower.java:4564) at sailpoint.api.Workflower.startCase(Workflower.java:3150) at sailpoint.api.Workflower.launchInner(Workflower.java:2819) at sailpoint.api.Workflower.launch(Workflower.java:2672) at sailpoint.api.Workflower.launchSession(Workflower.java:2542) at sailpoint.task.BatchRequestTaskExecutor.runWrapperWorkflow(BatchRequestTaskExecutor.java:533) at sailpoint.task.BatchRequestTaskExecutor.execute(BatchRequestTaskExecutor.java:284) at sailpoint.api.TaskManager.runSync(TaskManager.java:909) at sailpoint.api.TaskManager.runSync(TaskManager.java:724) at sailpoint.scheduler.JobAdapter.execute(JobAdapter.java:128) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)

Thanks

Anshu

abhishek_chowdhury · March 23, 2024, 9:27pm

More details on how the application and entitlements are setup would help, also make sure you are setting nativeidentity in the account request to resolve this error

anshu77 · March 24, 2024, 1:45am

Hi Abhishek,

Thanks for the reply. Both DCs are configured as AD director connector independently with two different IQService connector.

Thanks
Anshu

abhishek_chowdhury · March 24, 2024, 2:54am

Okay make sure your provisioning plan is correct and native identity set for the account request

kjakubiak · March 24, 2024, 10:03am

If you could share provisioning plan xml that would help a lot. First thing I’d suggest is to check if for each ad application you have separate account request otherwise it might fail. Right now it looks like Iqservice has aprovlem with provisioning - that might be because eg. using wrong iqservice to provision to the domain.

anshu77 · March 24, 2024, 11:52am

Hi Kamil,

Thanks for the reply. Just to check I am trying if I can add entitlement using batch request, I am using only batch request as of now to see if it works or not.

operation,application,attributeName,attributeValue,nativeIdentity
“AddEntitlement”,“Active Directory”,“memberOf”,“CN=test_group1,OU=MINE Groups,OU=MINE-MINEI ,OU=MINEEE D,DC=MIN,DC=MINEEE,DC=com”,“CN=Test User1,OU=Users,OU=MINEEE Data,DC=MINEEEctd,DC=com”

Thanks
Anshu

kjakubiak · March 24, 2024, 1:42pm

If you go to entitlements catalogue, do you see this group?

anshu77 · March 25, 2024, 4:13am

Thanks again for the reply. Yes, I can see the group in entitlement catalogue.

system · May 24, 2024, 4:14am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error(s) from IQService - AD provisioning failed \|\| IIQ Discussion and Questions identityiq , provisioning	3	128	August 18, 2024
Failed provisioning of identity in Active Directory IIQ Discussion and Questions aggregation , identityiq , provisioning	6	300	June 2, 2024
Multiple account in single application of AD IIQ Discussion and Questions identityiq , roles , applications	7	311	June 23, 2024
Active Directory - Direct getting DNS mapping error IIQ Discussion and Questions identityiq	7	51	October 22, 2024
Entitlement requested for normal ad account but provisioned to other AD account sailpoint iiq IIQ Discussion and Questions identityiq , provisioning , access-requests , entitlements	1	12	October 23, 2024

Access Request for two different domain

Which IIQ version are you inquiring about?

Share all details related to your problem, including any error messages you may have received.

Related topics