UniqueCounter is not working for UniqueAccountIdValidator on AD

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hello community!

I am working on a new source. Exactly an Active Directory source and i am trying to set a uniqueCounter on the distinguishedName but it is not working.
I will explain the case: I have an active directory source with the following account schema: AccountId as distinguishedName and AccountName as sAMAccountName.

And in the create account provisioning policy i have set the distinguishedName as a Create Unique Account ID generator with the pattern CN=$(name)$(uniqueCounter),DC=Domain,DC=com.

But it is failing and apparently is because of the uniqueCounter. i tried the same without the counter and is working correctly.

The error given is:

Unable to generate a unique value for ‘[email protected]’, action UniqueAccountIdValidator[nativeIdentity=CN=xyz,DC=xyz,DC=com,app=Active Directory] is not retry-able due to InterruptedException: Timeout waiting for response to message 16 from client 523d20c9-a0ce-403c-9604-35867de3772a after 30 seconds.

Kind regards,
Pablo

2

Account ID Generator with UniqueCounter connects to the source for uniqueness checking. Based on the error you are receiving it seems like Timeout is occurring during this process.

I would suggest that you try again after sometime and if the error keeps appearing, contact SailPoint Support (unless you see issues with connectivity to the source)

3

Hello,

Thanks for your response, but when i remove the uniqueCounter it works fine always. I think it is not about a connectivity issue.

Also I reviewed with the IQService and it is not trying to create it.
Any idea?

Regards

4

Hi @pablonovoa - You don’t appear to have any OUs in your DN. Can you clarify whether you removed them for clarity or are attempting to create Users directly in the naming context?

5

Hi @pablonovoa,

The Create Unique Account ID generator follows a particular template as described here where you will need to pass the firstname, lastname and the unique counter like this - ${firstname}.${lastname}${uniqueCounter}. AFAIK, The template only takes these inputs.

I would suggest making use of the username generator transform instead as described here, where you have the flexibility to use different patterns.

6

Hi @jesvin90 I’m not sure I agree with you about the fixed template. The template is passed from the Pattern supplied in the Create Account Profile, and is described here

1 Like