AJG_ADS_ADSAccount_Update/(De-)activate

Hello Experts,

We have an issue disabling admin accounts in a domain from the IDM end.

After the account gets disabled in IDM (One Identity/ADSAccount table), the AJG_ADS_ADSAccount_Update/(De-)activate job is triggered to carry the update to native AD, but it fails with an error.

(2018-11-05 06:39:34.473) [1777018] Error executing synchronization project (Active Directory Domain (XYX.COM))'s workflow (Provisioning).

[1777124] Error executing projection step (user) of projection configuration (Provisioning (Provisioning)).
[1777219] Error executing synchronization step (user)!
[1777004] Method (Update object (Update)) could not be executed successfully.
[2226012] Error committing object CN=A-MaryBeth Reis,OU=XXX Administration Accounts,OU=XXXTechnical Management,DC=xyx-rps,DC=xxxx,DC=com.(Error: Error committing object 9ee0a88d-05d1-4699-8dd0-02f506be78a6.(Error: Access is denied.

Object not committed successfully. Retrying using single property commit.
Property userAccountControl will be set.
Access is denied.

Property vrtparentDn will be set.
Access is denied.

Can someone provide me some insight into how this permission can be sorted out?

BR 

Baji

  • Hello Baji,

    It almost looks like an issue with permissions. Are you able to make any other AD changes in Manager, and will they get pushed out to AD OK?

    Thanks,

    Roman

  • Hi Roman,

    It's only with Admin account for a particular domain.

    Yes, none of the updates is not carried with this particular domain.

  • Hi Baji,

    Does the 1IM Service Account have sufficient permissions for this account?

    Verify that you can view and change the properties for this account using the Target System Browser (via the sync editor).

    If you still have an issue, then please open a service request with Support so we can gather additional logging.

    Trevor

  • Hi Trevor,

    I'm unable to browse user accounts via target system in sync editor.

    Could you please check and let me know if I need to have extra permissions to view user accounts.

    Currently I'm able to view accounts in a forest, but underneath the forest there are domains, and under those there are user accounts which I'm unable to view.

    Regards 

    Baji