AD failing after validating all permissions and communications

I have integrated an AD asset to manage accounts.

When I read users or groups it works perfectly

1. I can discover accounts in the AD

2. I can test the asset successfully

3. I can test connection successfully

4. I can check the functional account successfully

5. I can sync the AD with no errors

but when I try to change another password, it fails with the following message:
Debug ChangePassword failed. Access to the resource was denied. (PrincipalOperationException) HResult: 0x80131501

(the service-functional account is domain admin of the domain)
 

 

We have followed, step by step, what the following article says:

https://support.oneidentity.com/es-es/one-identity-safeguard-for-privileged-passwords/kb/4263587/how-to-delegate-permissions-in-active-directory-for-a-safeguard-service-account-4263587?kblang=en-US


 Some help please?

  • Hi,

    You can try to troubleshoot this by specifying a single Domain controller under the (AD Asset > Connection tab > Domain Controllers field) so that SPP will only talk to one DC for troubleshooting this issue.

    Save the change and reproduce the issue \ perform the change password on the other AD account

    If it fails again, check the AD event logs on that specific DC to see why it refused to allow SPP to change that other AD account password.

    Thanks!
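
The event log check suggested in the reply above, as an added example that is not part of the original thread or One Identity's own tooling. It assumes failure auditing for "User Account Management" is enabled on the pinned DC; the host name and account names are placeholders.

```powershell
# Added example. Run from an admin workstation after reproducing the failed
# password change. All default parameter values below are placeholders.
param(
    [string]$DomainController = 'dc01.example.test',  # the single DC set on the AD asset
    [string]$ServiceAccount   = 'svc-safeguard',      # SPP service/functional account
    [string]$TargetAccount    = 'managed-user',       # account whose change failed
    [int]$MinutesBack         = 30
)

# 4723 = attempt to change an account's password
# 4724 = attempt to reset an account's password
$filter = @{
    LogName   = 'Security'
    Id        = 4723, 4724
    Keywords  = 4503599627370496   # standard "Audit Failure" keyword (0x10000000000000)
    StartTime = (Get-Date).AddMinutes(-$MinutesBack)
}

try {
    $events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction Stop
}
catch {
    # "No events" is reported as an error; anything else (RPC, access) is re-thrown.
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}

$events | ForEach-Object {
    # Named fields live in EventData; flatten them into a hashtable.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time    = $_.TimeCreated
        EventId = $_.Id
        Caller  = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
        Target  = "$($data.TargetDomainName)\$($data.TargetUserName)"
    }
} | Where-Object {
    $_.Caller -like "*\$ServiceAccount" -and $_.Target -like "*\$TargetAccount"
} | Sort-Object Time | Format-Table -AutoSize
```

An empty result with auditing enabled suggests the request was not handled by this DC or that the time window is too narrow.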
