• State Suggested Answer
  • +1 person also asked this people also asked this
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 94 subscribers
  • Views 225 views
  • Users 0 members are here
Options
Related

ADS_ADSDomain_Maintain_OtherSID frozen "Write permission denied for value Canonical Name"

dirk hoff
5 months ago

Hi all,

We installed an OIM environment with multiple AD-Domains.

three of these Domains are connected using an AppServer for SQL Connection and one is configured to connect to the Database directly.

The sync with the "local" domain (direct Database connection) is working fine.

The syncs connecting via AppServer do work but the postsync Process "ADS_ADSDomain_Maintain ADSOtherSID_PostSync" failes on the first step after generating with the error "[810025] Active Directory SIDs: Write permission denied for value "Canonical name". VI.Base.ViException: Active Directory SIDs: Write permission denied for value "Canonical name"."

Does anyone have an idea what goes wrong here?

Thanks in advance

Greetings

Dirk

  • 0 5 months ago

    Hi,

    I got it solved.
    To not run into permission errors we used "viadmin" on the Connection Data (QBMConnectionInfo). This was the issue.

    So changing the system user from viadmin to Synchronization solved the issue completely.

    (Configuration in "Base Data" --> "Installation" --> "Job server" - mark the Jobserver --> Properties --> Connection data.
    you can find the Settings in table "QBMConnectionInfo"  with ObjectBrowser if you have to change something as I think you are not able to change it in designer.)

    I hope this helps if anyone else has this issue ;)

    Greetings

    Dirk