Unable to generate incremental samAccountName in AttributeGenerator Rule

Identity Security Cloud (ISC) ISC Discussion and Questions
, ,
1

The code below is for the AttributeGenerator Rule to create samAccountName during AD account provisioning. but is not getting generated incremental value alway A100000 or T100000, it is not increasing A100001, A100002, A100003 … and it is getting failled below error.

Exception occurred while executing the RPCRequest: Errors returned from IQService. “The object already exists. The object already exists. 00000524: UpdErr: DSID-031A11FA, problem 6005 (ENTRY_EXISTS), data 0 00000524: UpdErr: DSID-031A11FA, problem 6005 (ENTRY_EXISTS), data 0 . HRESULT:[0x80071392] For identity: CN=Flhsl, Demol,OU=SailPoint,OU=Test OU Structure,DC=ss,DC=org”


		import sailpoint.object.Identity;
		import sailpoint.object.Link;
		import sailpoint.server.IdnRuleUtil;

		import java.util.Arrays;
		import java.util.ArrayList;
		import java.util.List;

			public String getAccountUserId() {
				for (Object linkObject : identity.getLinks()) {
					Link link = (Link) linkObject;
					if (link.getApplicationName().startsWith("Workday")) {
						return (String) link.getAttribute("USERID");
					}
				}
				return getUserName("Z", 100000, 999999);
			}

			public boolean checkIfAccountAttributeExists(String attributeValue) {
				return idn.attrSearchCountAccounts(Arrays.asList(new String[]{"39485455ca984adcafffb165dd2ec3","d10941b267074acf9d100e8c1cbaf1","d0cfeec0a0e4f2b9f1628d13b90596"}), "promotedsAMAccountName", "Equals", Arrays.asList(new String[]{attributeValue})) > 0;
			}

				public String getUserName(String prefixChar, int userCounter, int maxLimit) {
				String userName = "";
				for (int i = userCounter; i <= (userCounter + maxLimit); i++) {
					userName = prefixChar + i;
					if (!checkIfAccountAttributeExists(userName)) {
						return userName;
					}
				}
				return userName;
			}

			public String createAccountAttribute() {
				String employeeType = identity.getStringAttribute("employeeType");
				int userCounter = 100000;
				int maxLimit = 999;
				List fullemp=new ArrayList();
				fullemp.add("PRN");
				fullemp.add("Temporary");
				fullemp.add("Regular");
				List nonemp=new ArrayList();
				nonemp.add("Agency");
				nonemp.add("Contingent Worker");
				nonemp.add("Independent Contractors");
				nonemp.add("Independent Contractors");
				nonemp.add("Project Augmentation");
				if (fullemp.contains(employeeType)) return getUserName("A", userCounter, maxLimit);
				else if (nonemp.contains(employeeType)) return getUserName("T", userCounter, maxLimit);
				return getAccountUserId();
			}

			return createAccountAttribute();

image
image1190×484 32.9 KB

2

Any help on the above post

3

Do you have an example of generated samAccountName by the rule ?

The error message is generated after your rule exécution because IDN attemp to create account in your active directory.

4

You can see in the below screenshot that alway it try to create sAMAccountName A100000

image
image953×679 36.3 KB

5

Have you run a non-optimized aggregation of your AD source since creating the search attribute?

And does the conflicting account show up in your accounts list after aggregating?

6

I generated a random number instead of a squeal number, and then it worked.