Attribute Modification Provisioning Task Failed

Which IIQ version are you inquiring about?

Version 8.4

Share all details related to your problem, including any error messages you may have received.

Hello All,

We are working on workday integration in sailpoint. The process expected is → Workday (Aggregation) → Refresh Task (To trigger joiner event and create account in AD) → Trusted source 2 (Aggregation) → Refresh Task (To update the few left out attributes)
Upon executing the second time refresh task, Modify AD Provisioning task is getting failed with below error:

image969×92 10.2 KB

If someone have previously faced such kind of issue or have any idea what can be the possible reason and fix for this issue, it would be really helpful.

Thank you!

@ArpitaSB we don’t see error on your above note. pls check.

Hello @pravin_ranjan

I have just added the SS of the error.

Thank you!

What error you see in IQService logs ? verify all of them in the schema of the connector.

Why don’t you do trusted source aggegation from both system before triggering joiner event or refresh task .

Get All the identity attributes 1st , refresh cube then trigger joiner event.

Also the error seems to be very generic.

@ArpitaSB

Share IQService logs and also check what is being send to AD as part of the second refresh, error is some of the attribute which is getting updated in AD as part of this call is not having a constraint violation at target , example like you are trying to update a attribute not event present at AD, 1. Data Type Constraints: Each attribute in AD has a specific data type. If the type of data you’re trying to store in an attribute doesn’t match the defined data type, you’ll get a violation.
2. Uniqueness Constraints: Some attributes in AD must be unique across the entire directory, such as sAMAccountName and userPrincipalName. If you try to use a value that’s already in use, you’ll get a violation.

It can be anything we can comment only based on the plan or attributes and corresponding values you are sending as part of this call to AD

Hi @ArpitaSB,

you are updating one AD attribute that you cant update or with an unsupported format.
In AD exist a lot of attributes auto-calculated(WhenCreated, WhenChanged), other that they accept a set of value(UAC) and other must be unique(SAMaccountName,dn,cn…).
Please, check your provisioing plan and verify every single attribute. The easy way is try to modify those attributes with prov.plan values directly on AD, with apache directory studio or LDAP admin.

Hello @enistri_devo @iamksatish @vishal_kejriwal1 @pravin_ranjan

Thank you so much for your response!
Here we are trying to update the modified value in AD through target mapping. Is it possible someway, there is some problem in this due to which we are getting this error?

Thank you so much for all the responses.
I am able to resolve the issue now.

I referred to the below diagram and article in the community portal. Using which, I was able update the modified values of attributes in the AD.

Link: What is difference between Source Mapping and target Mapping, when use Target Mapping

image452×637 25.8 KB

what does this have to do with your problem?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.