• State Not Answered
  • Replies 4 replies
  • Subscribers 100 subscribers
  • Views 104 views
  • Users 0 members are here
Options
Related

Internal error in COM access layer: number: 8007202F: AD Update failing

tomas hudecek_41587

Hi,

we are getting for unknown reason from some accounts the error 

COM access layer: number: 8007202F:

when we are switching from Unmanaged to Full manage and changing few AD attributes. The changes went through for some without an issue. We see in AD some values were pushed to AD even the update process got frozen, in one account we see that manager was not updated, but the same manager was updated for other account fine. AD specialist does not see any differences for these accounts which went successful and which not. Strange think is when we change some random attribute in ADAccount table and save it, it initiates new Update process to the AD it went through successfully.

Any idea what can be wrong, what to check?

We are having version 9.1.1

Thank you

Parents
  • 0

    When you look at the AdHoc Patch, have you confirmed what is changing in total?

    8007202F is a constraint violation. Do your OneID password policy match the AD one, so that initial passwords for creation meet the requirements? It could also be another attribute, so back to the Patch to try and dertermine which attribute is failing for those users, then you can work with the AD Team to sort rights.

    Also, don't forget that some things will go via RPC as opposed to LDAP/ADSI. While LDAP/ADSI uses the Sync account, the RPC uses the account that runs the Job Service.

Reply
  • 0

    When you look at the AdHoc Patch, have you confirmed what is changing in total?

    8007202F is a constraint violation. Do your OneID password policy match the AD one, so that initial passwords for creation meet the requirements? It could also be another attribute, so back to the Patch to try and dertermine which attribute is failing for those users, then you can work with the AD Team to sort rights.

    Also, don't forget that some things will go via RPC as opposed to LDAP/ADSI. While LDAP/ADSI uses the Sync account, the RPC uses the account that runs the Job Service.

Children
No Data