This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Could not create account in Active Directory complaining on password policy

Hi Experts 

I am getting a password policy violation error while adding ADSAccount to the target.

Please find the error below - 

ErrorMessages () [1777018] Error executing synchronization project (Active Directory Domain )'s workflow (Provisioning).
[1777124] Error executing projection step (user) of projection configuration (Provisioning (Provisioning)).
[1777219] Error executing synchronization step (user)!
[1777004] Method (Insert object (Insert)) could not be executed successfully.

Error executing user_password_Set on object  (Error: [System.Reflection.TargetInvocationException] Exception has been thrown by the target of an invocation.
[2226225] Password change for User test could not completed. The password does not meet policy requirements.
[System.Reflection.TargetInvocationException] Exception has been thrown by the target of an invocation.
[System.Runtime.InteropServices.COMException] The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Exception from HRESULT: 0x800708C5)).
Password change for User test could not completed. The password does not meet policy requirements.
Exception has been thrown by the target of an invocation.


Error  writing object was tolerated because the object is a system object and cannot be changed.
The server is unwilling to process the request.

I am using the one identity manager password policy for the default. Password manager is also set up in the environment so password manager also have its own password policy.

The password I have set in the centralPassword of the person that comply with all the password policy. Still not sure what is missing. 

how can I debug the sync project on the password field to see exactly which password policy is violating? 

Thanks in advance

Parents
  • Hi,

    How is your domain controller defined/configured in your sync project?

    I had this exact same problem ..... all AdHocProjection updates were working fine except for setting the password.

    The answer to 'my' problem is below ...... maybe it helps you:

    ---------------------------------------------------------------------------------------------------------------------------------------------------

    For all adhoc activities the sync project was working just fine ....... only failing when setting a password.

    The reason was that the CP_ADServer variable was set set to an IP address and not the domain value (domain.com).

    Once it was set to domain.com the password setting worked just fine ...... this is not an issue with OI but more to do with how the AD processes work.

    ---------------------------------------------------------------------------------------------------------------------------------------------------

    Additionally I was advised:  Kerberos does not function with IP addresses.

    Hope it helps, Barry.

  • Thanks Barry. I believe your problem and my problem is similar. It is only failing when I set the password otherwise AdHocProjection working fine. I have checked the variable and the value of CP_ADServer is set with FQDN (domain.com). The only thing I can remember that when I set up the AD sync project I put the ip address in connection veriable and the system automatic took the domain. Still do not know this is a problem or not.

Reply
  • Thanks Barry. I believe your problem and my problem is similar. It is only failing when I set the password otherwise AdHocProjection working fine. I have checked the variable and the value of CP_ADServer is set with FQDN (domain.com). The only thing I can remember that when I set up the AD sync project I put the ip address in connection veriable and the system automatic took the domain. Still do not know this is a problem or not.

Children
  • Ok. It is working now. For me the solution is, I have restablished the connection for the AD sync project. Did not put any ip any where and did not truned on the value secret for variable CP_BASEpassword. Thanky you all.