Refreshing an identity generates error "Unable to find dependencyValue"

Hi,

We are running 8.4p1.

We have issues with identities that have been on leave. When they are on leave they are in an OU=Disabled in AD, when they come back they are moved back to OU=Department. This is done manually, not through IIQ logic.

When I run refresh identity we get the following error:

ERROR QuartzScheduler_Worker-4 sailpoint.task.IdentityRefreshExecutor:1649 - RefreshWorker 1 exception:Unable to find dependencyValue [distinguishedName] for application [AD] using current project or an existing link.

This is because (I think) many of our applications have this setting active:

<AppDependency applicationName="AD" schemaAttributeName="distinguishedName"/>

When I set “Provision assignments” on the task to false the error above disappears but then it obviously does not provision the entitlements.

What I have done so far:

  1. Aggregated and verified that DN is correct across all accounts for the user, meaning they have OU=Department set correctly.
  2. I have verified that Native Identity Change Event Propagation Settings is activated under Global Settings > IdentityIQ Configuration > Miscellaneous.
  3. On the apps that are dependent on AD (i.e. <AppDependency>), we have a BeforeProvisioning rule. I have tried logging a message but it does not go through that rule.

But nothing has helped, IIQ throws the error above and does not provision entitlements from an assigned role.

Here is my task definition:

<entry key="checkHistory" value="false"/>
<entry key="checkPolicies" value="false"/>
<entry key="correlateEntitlements" value="true"/>
<entry key="correlateScope" value="false"/>
<entry key="deleteDormantGroups" value="false"/>
<entry key="disableIdentityProcessingThreshold" value="false"/>
<entry key="disableManagerLookup" value="true"/>
<entry key="doManualActions" value="false"/>
<entry key="enableManualAccountSelection" value="false"/>
<entry key="enablePartitioning" value="false"/>
<entry key="excludeInactive" value="false"/>
<entry key="filter" value="name==&quot;isahag&quot;"/>
<entry key="filterNeedsRefresh" value="false"/>
<entry key="forceWorkflow" value="false"/>
<entry key="includeWindowModified" value="false"/>
<entry key="keepInactiveViolations" value="false"/>
<entry key="markDormantScopes" value="false"/>
<entry key="maxExceptions" value="5"/>
<entry key="noAutoCreateScopes" value="true"/>
<entry key="noMaintenanceWindowRetry" value="false"/>
<entry key="noResetNeedsRefresh" value="false"/>
<entry key="noRoleDeprovisioning" value="false"/>
<entry key="processTriggers" value="false"/>
<entry key="promoteAttributes" value="false"/>
<entry key="promoteManagedAttributes" value="false"/>
<entry key="provision" value="true"/>
<entry key="refreshCertifications" value="false"/>
<entry key="refreshCompositeApplications" value="false"/>
<entry key="refreshGroups" value="false"/>
<entry key="refreshIdentityEntitlements" value="true"/>
<entry key="refreshManagerStatus" value="false"/>
<entry key="refreshRoleMetadata" value="true"/>
<entry key="refreshScorecard" value="false"/>
<entry key="synchronizeAttributes" value="false"/>
<entry key="taskCompletionEmailNotify" value="Failure"/>
<entry key="taskCompletionEmailTemplate" value="Task Status"/>

Here’s another post about the same problem, "dependencyValue beteween applications error" (IdentityIQ (IIQ) / IIQ Discussion and Questions, SailPoint Developer Community), but no resolution.

Nino

@ninosp Please check whether the user for whom the refresh is failing has an AD account. If it exists, check whether it is uncorrelated.

Hi, the account exists on source and is correlated in IIQ with correct DN.

@ninosp Enable the logger for the two classes below and run the refresh task. This will provide you with more details on what is happening. Based on that you can debug and fix the issue.
sailpoint.provisioning.PlanEvaluator
sailpoint.provisioning.DependencyEvaluator
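
One way to apply the suggestion above, as an added example that is not part of the original replies: logger entries in log4j2 properties syntax for the two classes named. The file location (`WEB-INF/classes/log4j2.properties` of an IdentityIQ 8.x install) and the logger ids `planEvaluator` and `dependencyEvaluator` are assumptions made here, not values from the thread.

```properties
# Added example: assumes the log4j2.properties file used by IdentityIQ 8.x.
# The ids after "logger." are arbitrary labels chosen for this example;
# the .name values are the two classes named in the reply above.

# Shows how the provisioning plan is built and evaluated during the refresh.
logger.planEvaluator.name=sailpoint.provisioning.PlanEvaluator
logger.planEvaluator.level=debug

# Shows how dependencies declared with <AppDependency> (here AD /
# distinguishedName) are resolved from the current project or an existing link.
logger.dependencyEvaluator.name=sailpoint.provisioning.DependencyEvaluator
logger.dependencyEvaluator.level=debug
```

Scope the refresh task to a single affected identity while these loggers are active, and remove the entries once the failing run has been captured, since debug output from the provisioning classes is verbose.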

@ninosp As the DN is changing outside, NICE tasks should be able to update all references. Could you please check how many NICE events you have in your system? The NICE module is pretty new and I am not sure how stable it is. You might want to coordinate with SailPoint Support to figure out whether NICE tasks can update DependencyApp references or not.

It was indeed an issue with aggregation. I had only aggregated some of the accounts for the user thinking that the other accounts were already up to date by another task that aggregates every night. That task had failed for some unrelated reason so some account references must have been stale even though they showed the proper AD DN.

Thanks!