8.4P1
For 1 of the Identity in Sailpoint, The refresh task is always trying to create the AD account with incorrect DN like DN=ABC124. The user is already having an AD account with correct DN & data. We are not sure why Sailpoint is trying to create a new account with incorrect DN during the refresh.
Are you running the refresh task with Provision Assignment option checked?
Yes, The refresh task runs with the option “Provision Assignments”.
Could you please check the Identity xml from the debug page? I suspect the Identity has incorrect attribute assignment with DN=ABC124. If this is present, You may need to remove the entry and run refresh Identity cube task with “Provision Assignment” option. This might solve your issue.
Thank you! This worked. I see the attribute assignment was added when the user didnt have AD account.
@Venkatesh_t92 , Good to know you found the solution , But this needs to be addressed in order to avoid future issue . These are moreover the sticky attribute assignment . You can write a rule and schedule it to remove invalid attribute assignment .
Look in to below post , it will provide you the idea -
Logic can be further enhanced as per your environment and requirement .