cancel
Showing results for 
Search instead for 
Did you mean: 

CreateADSUser Fails But Still Considered a Success in Job Log

brandonbollin
Active Participant
0 Kudos
150

Hello SAP IDM Experts! After spending 1⅔ years working in the SailPoint IdentityIQ space, I'm back in the wonderful world of SAP IDM. Did you all miss me? 🙂

Anyway, I'm running into an issue that I don't think I've ever seen before. I have a process that's setup to create secondary AD accounts for users, admin level accounts specifically. Right now, the process is faulty and it's erring every time. We have the fix for this in the works but in the meantime, we'd like to setup a notification to go out whenever CreateADSUser fails. However, my issue is... CreateADSUser is showing an error in the job log that the account isn't being created due to an LDAP 19 error and the account doesn't exist in AD *BUT* at the bottom in the Provisioned Entries section, it's still calling the operation a success, see below screenshot.

Huh? Why is this still considered a success when the account wasn't created and clearly ended in error when putNextEntry failed? Trying to kick off a notification task on failure won't work if the system doesn't think it failed. Am I missing something?

View Entire Topic
Chenyang
Contributor
0 Kudos

Hi Brandon,

Hope you are well. It is great to see you back. I am also joining a SailPoint IdentityIQ team to deliver some thing. I wonder if you can write some thing comparing IIQ to SAP IdM. which features you like in IIQ, which ones you like in SAP IdM etc?

Thanks,

Chenyang

brandonbollin
Active Participant
0 Kudos

I would love to do something like that. I wonder if a blog entry would be an appropriate place to do something like that. I also wonder how SAP would feel about having something like that on the SCN that compares their offering to a competitor. There are things SAP does better and there's things SailPoint does better.