AD Connector as Target

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi All,

Question : I am trying to do Provisioning in my source i.e., Active Directory. Accounts are getting created in AD but all the attributes are not populating in AD end.

For example : I am sending “displayName” value via Create Account page but while doing provisioning it is failing. Value are not getting stored in AD .

But when I trying to do so directly in AD with same Service Account I am able to update its display name.

Kindly help with the issue.

The directory service cannot perform the requested operation on the RDN attribute of an object.

2

Hi,
Can you please share the Account Activity for the user ?

4

Attributes after cn, like eduPersonAffiliation and others are not present in Account Schema.

How even they are getting populated there?

5

They would be coming from the Create Account if you have added them. So if you want to remove them you can remove it.

6

they are not present in Create Account page:(

7

Any suggestion on this, as the red sign besides the attributes are those which is not getting populated in AD end

8

@RAKRHEEM Please find the Account Activity Screenshot

9

HI @RAkhauri ,

We don’t see the screenshot attached. Could you please attach it again?

10

Hi @RAkhauri ,

as mentioned by @RAKRHEEM above please check the account activity in search tab if all the attributes are populating correctly as provided in the create account, check if any of the attribute format is not correct for ex: manager dn or expiredate, try providing static values in create account and test creating account

11

If your base account creation is not showing AD after provisioning and there are attribute errors, look in the Provisioning Settings area of the source configuration.

Make sure that “Rollback Partially Created Account” is NOT checked.

image
image1064×259 12 KB

I would also verify the createAccount profile using the API.

get-provisioning-policy | SailPoint Developer Community