on 2021 Feb 02 6:40 PM
Hello SAP IDM Experts! After spending 1⅔ years working in the SailPoint IdentityIQ space, I'm back in the wonderful world of SAP IDM. Did you all miss me? 🙂
Anyway, I'm running into an issue that I don't think I've ever seen before. I have a process that's set up to create secondary AD accounts for users, admin level accounts specifically. Right now, the process is faulty and it's erring every time. We have the fix for this in the works but in the meantime, we'd like to set up a notification to go out whenever CreateADSUser fails. However, my issue is... CreateADSUser is showing an error in the job log that the account isn't being created due to an LDAP 19 error and the account doesn't exist in AD *BUT* at the bottom in the Provisioned Entries section, it's still calling the operation a success, see below screenshot.
Huh? Why is this still considered a success when the account wasn't created and clearly ended in error when putNextEntry failed? Trying to kick off a notification task on failure won't work if the system doesn't think it failed. Am I missing something?
Hi Brandon,
Hope you are well. It is great to see you back. I am also joining a SailPoint IdentityIQ team to deliver something. I wonder if you can write something comparing IIQ to SAP IdM. Which features do you like in IIQ, which ones do you like in SAP IdM, etc.?
Thanks,
Chenyang
I would love to do something like that. I wonder if a blog entry would be an appropriate place to do something like that. I also wonder how SAP would feel about having something like that on the SCN that compares their offering to a competitor. There are things SAP does better and there are things SailPoint does better.
Hi Brandon,
Can you check in the properties of the task -> tab Logging whether you have a script linked as "Call Script in Case of Error"? This is sometimes useful, especially for the LDAP connector, e.g. if you want to assign a user to a group and the user is already assigned in AD, you get an error back and you could catch this error message and consider it to be OK with uSkip(1,1); inside that script - maybe that is what happens here.
Regards
Norman