I am trying to move users to disable OU when disable is triggered.I have written LCS transform and before Provisioning Rule and when disable is triggered AC_NewParent and AC_NewName Value are coming. AD account is disabling.
Cloud Automated Disable
ACCOUNT REQUEST
Disable account: CN=XXX.SailPointTest10,OU=xxx,OU=DoIT,OU=xxx,DC=xxx,DC=xxx,DC=xxx
ATTRIBUTE REQUESTS
Add okta_attribute: delete
Set INFO: Adios:status_chg_reason_new
Set description: Adios:null
Set AC_NewParent: OU=DisabledUsers,OU=xxx,DC=xxxx,DC=xxxx,DC=xxxx
Set AC_NewName: CN=xxx.SailPointTest10
But Disable Account Failed with below error message
[“Error(s) reported back from the IQService - Failed to update attributes for identity CN\u003dXXX.SailPointTest10,OU\u003dxxxxOU\u003dxxxx,OU\u003dxxx,DC\u003dxxx,DC\u003dxxxx,DC\u003xxxx. The specified directory service attribute or value does not exist. 00000057: LdapErr: DSID-0C090FEC, comment: Error in attribute conversion operation, data 0, v4563. HRESULT:[0x8007200A]”]
Steps I followed
- LifeCycleState Transform implemented
- Before Provisioning Rule deployed
- Added AC_NewName,AC_NewParent and custom attributes in create account of AD and AD Create provisioning policy
- In the Identity profile of source added custom attributes
- Mapped AC_NewName,AC_NewParent and custom attributes with identity attributes
- Did attribute sync in AD.