Symantec IGA

  • 1.  Not a valid IAM handle when setting AD manager attribute

    Posted Feb 14, 2020 03:56 PM
    Hi Experts!

    I am trying to set the manager field for the AD account of the user. I am able to get the DN in AD of the manager based on the manager ID. 

    But when I use that value to set the account attribute I get an error "Not a valid IAM handle".

    I tried various formats:

    eTADSAccountName=****

    eTADSAccountName=xxxxx,eTADSOrgUnitName=yyy,eTADSOrgUnitName=yyxx,eTADSDirectoryName=AD_Name,eTNamespaceName=ActiveDirectory,dc=server,dc=etadb

    Also the direct AD DN, but nothing works.

    I am using Policy Xpress to set the DN in the AD account.

    Could you please help? Thanks.

    Regards
    Garima


  • 2.  RE: Not a valid IAM handle when setting AD manager attribute

    Posted Feb 16, 2020 07:05 AM
    Hi Garima,

    First you can make the Active Directory Manager DN a user attribute, and from that user attribute you can push it to Active Directory via a simple Policy Xpress. Please see the attached screenshot for reference.
    Manager Attribute via policy xpress



  • 3.  RE: Not a valid IAM handle when setting AD manager attribute

    Posted Feb 18, 2020 12:36 PM
    Hi Bhanu,

    Thanks for this. I already got the AD Manager DN in a user attribute, but the error happens when I push the attribute to the user's AD account.

    In the screenshot, you are storing the DN attribute in one of the user's attributes itself, but I need to push it to the AD account owned by the user.

    Regards
    Garima


  • 4.  RE: Not a valid IAM handle when setting AD manager attribute
    Best Answer

    Posted Feb 17, 2020 07:53 PM
    Hi Garima,

    Here is the correct format that works for the AD connector in PX.

    ADSAccountName=TestUser,ADSOrgUnit=OU1,ADSOrgUnit=Development,EndPoint=MYAD,Namespace=ActiveDirectory,Domain=im,Server=Server

    Thanks,
    Praveen Jain