Workflow Issue: IIQ User Created but AD Account and Group Not Provisioned

Which IIQ version are you inquiring about?

8.4 / 8.5

Please share any other relevant files that may be required (for example, logs).

Form.txt (2.3 KB)

Quick link.txt (800 Bytes)

workflow.xml (21.9 KB)

Share all details about your problem, including any error messages you may have received.

My requirement is to create a contractor or external user and then assign an Active Directory (AD) group to that user. For this purpose, I have implemented a workflow, a custom form with all required fields, and a QuickLink.

The issue I am facing is that the user is being created successfully in IIQ, but the AD account is not being created and the AD group is not being assigned. I will attach the relevant files for reference.

@IAMKhalid

Are you seeing any error related to AD account creation in the logs?

What is the process of creating an AD account you are using in your Workflow?

Can you please share the full set of requirements?

Thanks

Any exception in the backend?

Are you able to see the logs printed which you mentioned on lines 376, 378?

In the workflow, I could see you are creating a plan for AD account creation but some mandatory field values are missing like password.

I would suggest adding the password in your plan and then try to process it.

Set a dummy password in the plan.

Thanks

When I fill in the form, it creates the user in IIQ and the log says "Supplied nativeIdentity jack.chan is invalid!!"

No. Currently the only logs are "nativeIdentity jack.chan is invalid!!"

Try passing the identity name in the setNativeIdentity method.

Are you using any field value rule or script for samAccountName?

Yes, I tried this and there is some progress. I will keep you posted. Thank you for the help.

Let me know if it resolves or not.

Thank you !

1 Like

If it resolved your problem, please mark it as a solution and close this discussion.

Thanks

@IAMKhalid I checked your plan in the workflow.

You need to fix some parts.

a. acctReq.setNativeIdentity(samAccountName); // should be the DN, not samAccountName. You might be able to create the DN as dn = displayname + container

b. The password is missing for creating the AD account:

acctReq.add(new ProvisioningPlan.AttributeRequest("password", somePassword));

c. You don't need container, or it might not be supported.

d. Check the samAccountName length. AD only supports 20 chars, so it might be blocking you, so you need to add some logic to truncate.

e. optimisticProvisioning is missing, so you have to wait for aggregation to pull the AD account to add it to the group.

f. You need to create another account request for IIQ to update some attributes in the identity at the same time.

Let me know if you are still facing issues on create. Happy to help.

Thanks,

Pravin

2 Likes
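
The value handling behind points a, b and d in the reply above, as an added example that is not code from this thread or from SailPoint: plain Java with no IIQ classes, where the class and method names, the OU and the sample names are assumptions. It goes beyond the reply by escaping the display name per RFC 4514 and by generating a random initial password rather than a fixed one.

```java
import java.security.SecureRandom;

// Added example: plain-Java helpers, no IIQ classes. All names here are hypothetical.
public class AdCreateHelpers {
    private static final int SAM_MAX = 20; // limit quoted in point d
    private static final SecureRandom RNG = new SecureRandom();
    private static final String PW_CHARS = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-_=";

    // Point d: truncate to 20 characters. Truncation can make two names collide,
    // so the caller still has to check the result for uniqueness.
    static String samAccountName(String candidate) {
        String s = candidate.trim();
        return s.length() <= SAM_MAX ? s : s.substring(0, SAM_MAX);
    }

    // Escape one RDN value per RFC 4514 so form input such as "Chan, Jack"
    // stays a single CN value and cannot add or change DN components.
    static String escapeRdn(String value) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean edge = (i == 0 && (c == ' ' || c == '#'))
                        || (i == value.length() - 1 && c == ' ');
            if (c == 0) { sb.append("\\00"); continue; }
            if (edge || ",+\"\\<>;=".indexOf(c) >= 0) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    // Point a: dn = display name + container (container comes from configuration, not the form).
    static String dn(String displayName, String container) {
        return "CN=" + escapeRdn(displayName.trim()) + "," + container;
    }

    // Point b: random initial password from a CSPRNG (this example's choice instead of a fixed value).
    // It does not enforce character-class rules; the domain password policy may need that.
    static String initialPassword(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) sb.append(PW_CHARS.charAt(RNG.nextInt(PW_CHARS.length())));
        return sb.toString();
    }

    public static void main(String[] args) {
        String container = "OU=Contractors,DC=example,DC=com"; // constructed sample
        System.out.println(samAccountName("jack.chan-external-contractor"));
        System.out.println(dn("Chan, Jack", container));
        System.out.println(initialPassword(20).length());
    }
}
```

In a workflow script the three return values would feed the sAMAccountName attribute, setNativeIdentity and the password AttributeRequest respectively.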

Thank you @pravin_ranjan, yes, the error was in “acctReq.setNativeIdentity(samAccountName); // should be dn not samAccountName. dn is might be you can create dn = displayname + container”

I have one more question: instead of the AD account creation logic in the workflow, can I use Provisioning Policies –> Create Account policy, which is already configured?

@pravin_ranjan @msingh900 @sukarande

In the provisioning policy, you can write a field value rule or script to automate the generation of the attribute value.

1 Like

Yes, you can do it. You autogenerate your values.

1 Like

As Manish mentioned, in the account provisioning policy you can add rule or script logic for a value, but we do that for common attribute setup, so you don’t need to write the logic in a custom workflow.