Missing attribute value when creating AD account by adding AD entitlements

longinuschanGT · November 11, 2025, 9:57am

Hi,

I am trying to create an AD account for an identity.

Here is the Create Account setting, which will create displayName with the “Full Name” identity attribute value.

However, we checked that the AD account created, the displayName value is empty.

Although we tried to aggregate AD accounts again, it is still showing empty.

The identity does contains value for “Full Name”.

We also checked the account event, it looks normal without error

Actually, displayName is just one of the missing values, there are other attributes that do not have value, although we have set them on Create Account.

May I know is there any miss configuration resulting this behaviour?

Many thanks.

vguleria · November 11, 2025, 10:25am

Hi @longinuschanGT

Can you please check in the account activity where the account was created, if it contains the displayname attribute in it?

This is very weird and i can only think if the attribute is in the excluded list of attributes for provisioning on source json.
Otherwise it should work with the configuration i see in attached screenshots.
I hope this helps.
Thank You.
Regards
Vikas.

j_place · November 11, 2025, 12:18pm

Hi @longinuschanGT What attributes have you configured for Account ID and Account Name in the AD Account Schema?

amit_1140 · November 11, 2025, 1:36pm

@longinuschanGT -

Could you provide the provisioning policy form from the back end for the create operation.

https://developer.identitysoon.com/idn/api/v3/get-provisioning-policy/index.html

longinuschanGT · November 12, 2025, 3:26am

Hi Jeremy,

We configured distinguished name for account id and sAMAxxountName as account name.

Hi Kumar,

We got the following from the api:

Hi Vikas,

Thank you for the insight, we observe the following from Search:

The specified directory service attribute or value does not exist.

However, we do observe existing AD accounts on the same OU as gtuser, has value on displayName, and displayName does exists on account schema.

j_place · November 12, 2025, 10:30am

HI @longinuschanGT The error you are getting indicates that one or more attribute mappings in your provisioning policy are not configured correctly, either the target attribute name is incorrect or the value doesn’t meet AD syntax constraints. It is not necessarily the displayName attribute causing the problem.

As @amit_1140 says, if you could post your povisioning policy we could review, but also you could start with a default provisioning policy and then add attributes to determine which one is causing the problem.

One to check first could be userPrincipalName - are you using a transform? Looking at your identity attribute values, make sure it’s not generating 2 “@”s in the value.

longinuschanGT · November 12, 2025, 2:26pm

Hi Jeremy, thank you for the suggestion.

I am trying to isolate the isssue, I disabled most of the problematic create account attributes, except displayName.

Then I create gtuser20 again, which shows displayName is does not exist only.



{
    "name": "Account",
    "description": null,
    "usageType": "CREATE",
    "fields": [
        {
            "name": "ObjectType",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "User"
                }
            },
            "attributes": {
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "distinguishedName",
            "transform": {
                "type": "rule",
                "attributes": {
                    "name": "Create Unique Account ID"
                }
            },
            "attributes": {
                "template": "CN=$(lanId),OU=Personal Accounts,----",
                "cloudMaxUniqueChecks": "50",
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "sAMAccountName",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "lanId"
                }
            },
            "attributes": {
                "cloudMaxUniqueChecks": "50",
                "cloudMaxSize": "20",
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "manager",
            "transform": {
                "type": "rule",
                "attributes": {
                    "name": "Get Manager LDAP DN"
                }
            },
            "attributes": {
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "mail",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "password",
            "transform": {
                "type": "rule",
                "attributes": {
                    "name": "Create Password"
                }
            },
            "attributes": {
                "cloudRequired": "true"
            },
            "isRequired": false,
            "type": "secret",
            "isMultiValued": false
        },
        {
            "name": "givenName",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "sn",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "pwdLastSet",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "false"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "boolean",
            "isMultiValued": false
        },
        {
            "name": "IIQDisabled",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "false"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "boolean",
            "isMultiValued": false
        },
        {
            "name": "primaryGroupDN",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": ""
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "description",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "section"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "telephoneNumber",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "phone"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "msNPAllowDialin",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "homeMDB",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "mailNickname",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "shadowAccountDN",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "msExchHideFromAddressLists",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "boolean",
            "isMultiValued": false
        },
        {
            "name": "SipAddress",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "SipDomain",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "SipAddressType",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "msNPCallingStationID",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": true
        },
        {
            "name": "msRADIUSCallbackNumber",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "msRADIUSFramedRoute",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": true
        },
        {
            "name": "msRADIUSFramedIPAddress",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "RegistrarPool",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "dNSHostName",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "msDS-SupportedEncryptionTypes",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": true
        },
        {
            "name": "msDS-ManagedPasswordInterval",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "msDS-GroupMSAMembership",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": true
        },
        {
            "name": "msDS-AllowedToActOnBehalfOfOtherIdentity",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": true
        },
        {
            "name": "servicePrincipalName",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": true
        },
        {
            "name": "externalEmailAddress",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "userPrincipalName",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "title",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "jobTitle"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "department",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "employeeID",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "company",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "division",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "cn",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "lanId"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "extensionAttribute1",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "extensionAttribute2",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "nickName"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "extensionAttribute3",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "chineseName"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "extensionAttribute5",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "accountOwner"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "extensionAttribute8",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "section"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "extensionAttribute10",
            "transform": null,
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "dirSyncEnabled",
            "transform": {
                "type": "static",
                "attributes": {
                    "value": "true"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        },
        {
            "name": "displayName",
            "transform": {
                "type": "identityAttribute",
                "attributes": {
                    "name": "fullName"
                }
            },
            "attributes": {},
            "isRequired": false,
            "type": "string",
            "isMultiValued": false
        }
    ]
}

Which shows the “displayName” transfrom is getting Full Name identity attribute.

j_place · November 12, 2025, 2:39pm

Hi @longinuschanGT - I’m not sure that dirSyncEnabled is an AD attribute. Also you don’t appear to be populating userPrincipalName

system · January 11, 2026, 2:39pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AD Accounts Creation with empty values ISC Discussion and Questions identity-security-cloud	3	534	February 16, 2024
AD: Account created but some attributes are not updated properly ISC Discussion and Questions identity-security-cloud , provisioning	4	1634	January 15, 2024
AD Provisioning Issue – Only Account ID and Account Name Mapping, Other Attributes Blank ISC Discussion and Questions identity-security-cloud , provisioning	6	104	May 10, 2025
Changing provisioning policy when creating an AD account ISC Discussion and Questions identity-security-cloud	11	83	November 22, 2025
AD Connector as Target ISC Discussion and Questions identity-security-cloud , provisioning	22	171	June 2, 2025

Missing attribute value when creating AD account by adding AD entitlements

Related topics