Unable to send null value on manager attribute in AD via attributeSync

ashish_kumar3284 · June 23, 2023, 12:31pm

Hello Sailors,

I am trying to set a null value to the manager attribute using the attribute sync and transform on the Identity attribute. As per transform, the identity attribute is populating with a null value but when trying to push the same value to AD’s manager attribute via attribute sync, getting the below exception.

I tried to set the value as “not set” but still got the same error.

Checked with AD team, and there is no policy on the manager attribute which is restricting this.

Please provide your valuable input.

@colin_mckibben @ethompson @sunnyajmera @sharvari

sharvari · June 23, 2023, 1:10pm

I would recommend using below snippet to set the manager value to null in the transform.

"blank": {
	"attributes": {
		"value": ""
	},
	"type": "static"
}

Use $blank in your transform wherever you want to set manager value to null.

ashish_kumar3284 · June 23, 2023, 1:32pm

Hello @sharvari,

Thank you for sharing the code snippet and it is working as expected on Identity Attribute. But, while promoting the value to AD attribute via attribueSync. It is not working and throwing the below exception:

anneragh · June 23, 2023, 1:39pm

@ashish_kumar3284 That is strange, Looks like the blank value is getting overwritten someplace. Do you have the OU it is showing in the error configured in create account profile/transformation?

ashish_kumar3284 · June 23, 2023, 1:44pm

@anneragh Yes, OU is there. If I will pass a value of another account as manager, it will be set without fail.

atarodia · June 23, 2023, 1:51pm

Hi @ashish_kumar3284,

Could you please show the manager attribute in create account profile?

For the value to be set as null, you should not pass any value in create account profile.

ashish_kumar3284 · June 23, 2023, 2:07pm

@atarodia Please refer below:

{
  "name": "manager",
  "transform": {
      "type": "identityAttribute",
      "attributes": {
          "name": "adManagerDn"
      }
  },
  "attributes": {
      "cloudRequired": "true"
  },
  "isRequired": false,
  "type": "string",
  "isMultiValued": false
}

atarodia · June 23, 2023, 3:28pm

This is a very strange behavior. I just tested this is my lab and the sync is working as expected. Any helpful information in IQService logs?

system · August 22, 2023, 3:28pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Null value handling with transform ISC Discussion and Questions transforms , identity-security-cloud	5	831	September 12, 2023
Active Directory manager sync - block for inactive users ISC Discussion and Questions identity-security-cloud , provisioning	5	232	January 21, 2024
Identity Attributes ISC Discussion and Questions transforms , identity-security-cloud	8	375	July 25, 2023
[IdentityNow] Manager DN Transform for AD Create Policy ISC Discussion and Questions transforms , identity-security-cloud , provisioning	15	1044	July 12, 2023
AD Accounts Creation with empty values ISC Discussion and Questions identity-security-cloud	3	256	February 16, 2024

Unable to send null value on manager attribute in AD via attributeSync

Related Topics