Active Directory Account SearchDN resetting

milinaphalke · December 15, 2023, 6:12am

Which IIQ version are you inquiring about?

Version 8.2

Please share any other relevant files that may be required (for example, logs).

Share all details related to your problem, including any error messages you may have received.

Team, we’ve identified an unusual issue where, upon executing the Provisioner_API (file attached) code, the account search DN is being reset as the baseDN for the Active Directory application. We’ve observed this behavior consistently across all environments. Could you please investigate and provide guidance on what might be causing this issue?

  Identity drIdent = context.getObjectByName(Identity.class, identityName);

  ProvisioningPlan adPlan = new ProvisioningPlan();
  adPlan.setIdentity(drIdent);

  if(null != adPlan)
  { 
    AccountRequest acctReq = new AccountRequest();
    acctReq.setOperation(AccountRequest.Operation.Modify);
    acctReq.setApplication("IIQ");
    acctReq.setNativeIdentity(identityName);

    acctReq.add(new AttributeRequest("assignedRoles",ProvisioningPlan.Operation.Add,"SAP-EMP-BR"));

    adPlan.add(acctReq);
  }

  custLog.debug("END Nav-CustomLCM-CreateUpdateDealer Workflow V1 :Provision New Account : AD PLAN TO XML ***##### :"+adPlan.toXml() ); 

  Provisioner provisioner = new Provisioner(context); 
  provisioner.setNoLocking(true);
  provisioner.setOptimisticProvisioning(true);
  ProvisioningProject project =  provisioner.compile(adPlan);
  provisioner.execute(adPlan);

kjakubiak · December 15, 2023, 3:31pm

Hi Milina,
Do you have any provisioning policy in the assigned role or in the AD app definition?

Jarin_James · December 16, 2023, 3:05pm

Hi @milinaphalke ,

The code snippet you shared is for provisioning a Role in IIQ. It doesn’t have any direct relation to the attributes of AD. As @kjakubiak mentioned check the provisioning policy or if there is any logic in Before Provisioning Rule which is causing this.

milinaphalke · December 21, 2023, 1:21pm

Thank for your inputs.
Yes a provisioning policy is associated which had a rule causing the issue.

milinaphalke · December 21, 2023, 1:21pm

Thanks for your inputs.
It helped to resolve the issue.

system · February 19, 2024, 1:22pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AD Application Provisioning Policy Form Dynamic List IIQ Discussion and Questions identityiq , provisioning , forms	8	82	November 11, 2024
Provisioning Active directory account (Account Creation) using a rule IIQ Discussion and Questions rules , identityiq , provisioning	6	2018	December 22, 2023
Active Directory Account Provisioning on Identity Cube Creation IIQ Discussion and Questions identityiq , provisioning	14	1213	January 15, 2024
Remove Provisioning request from a Rule for AD IIQ Discussion and Questions workflows , rules , identityiq , provisioning	5	85	December 22, 2024
Error with Active Directory User creation IIQ Discussion and Questions identityiq , provisioning	6	1036	October 27, 2023

Active Directory Account SearchDN resetting

Which IIQ version are you inquiring about?

Please share any other relevant files that may be required (for example, logs).

Share all details related to your problem, including any error messages you may have received.

Related topics