
Active Roles New-QADUser Error

I am running the following command and getting the error indicated but I am unable to find out what the cause is. Does anybody have any ideas please?

The error generates a 2703 entry in the EDM Application Event Log. But this just repeats the error below. What does this error mean please?

 

PS C:\Windows\system32> New-QADUser -name "Workday, Fraser" -ParentContainer "OU=_Workday_Temp,DC=kt,DC=group,DC=local" -samaccountname "WorkdayF" -userprincipalname "Fraser.Workday@kantarpublic.com" -UserPassword ************ (password is in clear text) -Description "Business Integrationist" -Title "Business Integrationist" -FirstName "Fraser" -LastName "Workday" -displayName "Workday, Fraser" -Office "Warwick (USA)" -Department "Technology" -Company "Kantar Public" -City "Warwick" -StateOrProvince "RI" -StreetAddress "100 Quaker Lane" -PostalCode "02886" -Manager "CN=Workday\, Exemplia2,OU=USERS,OU=MLP,OU=UK,DC=kt,DC=group,DC=local" -ObjectAttributes @{kITPattribute7='Y';VaPso_MailboxType='Regular';VAPso_MsolAccountSku='KTGLBUC:ENTERPRISEPACK';edsaUPNPrefix="Fraser.Workday";edsaUPNSuffix="@" + "kantarpublic.com";employeeID="999990027";employeeType="Employee";street="100 Quaker Lane";c = "US";co = "United States of America";countryCode = "840" }

 

New-QADUser : The server is unwilling to process the request.

Administration Service encountered an error when creating the object 'CN=Workday\, Fraser,OU=_Workday_Temp,DC=kt,DC=group,DC=local'.

Could not load file or assembly 'System.ServiceModel' or one of its dependencies. The system cannot find the file specified.

At line:1 char:1

+ New-QADUser -name "Workday, Fraser" -ParentContainer "OU=_Workday_Tem ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [New-QADUser], COMException

    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.NewUserCmdlet

  • I ALWAYS ask this - did you execute a Connect-QADService -proxy before you ran this command?

    Another question - you are explicitly specifying the userprincipalname so I am wondering why you are also specifying the UPN prefix and suffix?

    You have extra spaces in the attribute assignment for 'c', 'co' and 'countrycode' - these should be removed.

  • Thanks for the feedback/tips.

    Running in a PowerShell with Connect-QADService -proxy having been run. I also ran it in the ARS Management Shell as a test, having run Connect-QADService -proxy, and get the same error.

    I removed the spaces around the three country entries - same error.

    We have a lot of policy applying to objects that was set up by Quest PSO about three years ago when they set up our On Premise to O365 Cloud Sync. The PSO cloud sync setup requires that the edsaUPNPrefix and edsaUPNSuffix virtual attributes are set in readiness for sync to the cloud. Presumably they have done it this way as we have several hundred email domains in the cloud.

    So I tried creating a new root level OU and blocking all ARS policy, expecting that to work, but it still gets the same error.

  • For good measure I tried taking out some of the custom attributes, all of which are enforced by policy, and then I get an expected error:

    New-QADUser : Corporate policy violation. The 'UPN Suffix' property value does not conform to corporate policy.
    You must specify a value for the property 'edsaUPNSuffix'.

    But when all of the required attributes are in I get the original "The server is unwilling to process the request" error on both the original OU and the new one with no policy. Peculiar.

  • I suspected you might have policy around the UPN. Did you try removing the setting of the userprincipalname? Since you are setting the prefix and the suffix, you are already getting the userprincipalname generated, right?

    FWIW, the error in question often has something to do with a duplicate name property - hence my focus on the userprincipalname.
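
One way to test the duplicate-name hypothesis raised in the last reply before calling New-QADUser again, as an added example that is not part of any post in this thread. The function names are hypothetical, and the sketch assumes the installed snap-in provides Get-QADObject with -LdapFilter, -SearchRoot, -SearchScope and -SizeLimit, and that Connect-QADService -proxy has already been run.

```powershell
# Added example. Assumes Connect-QADService -proxy was already run in this session.
function ConvertTo-LdapFilterValue {          # hypothetical helper name
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping so names containing ( ) * \ cannot alter the filter;
    # the backslash must be replaced first.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Find-QADNameCollision {              # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ParentContainer,
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )
    # sAMAccountName and userPrincipalName are searched across the whole connection scope.
    $wide = [ordered]@{
        sAMAccountName    = $SamAccountName
        userPrincipalName = $UserPrincipalName
    }
    foreach ($attr in $wide.Keys) {
        $filter = "($attr=$(ConvertTo-LdapFilterValue $wide[$attr]))"
        Get-QADObject -LdapFilter $filter -SizeLimit 0 |
            ForEach-Object { [pscustomobject]@{ Attribute = $attr; DN = $_.DN } }
    }
    # The CN only has to be unique among siblings, so search one level under the parent.
    $cnFilter = "(cn=$(ConvertTo-LdapFilterValue $Name))"
    Get-QADObject -LdapFilter $cnFilter -SearchRoot $ParentContainer -SearchScope OneLevel |
        ForEach-Object { [pscustomobject]@{ Attribute = 'cn'; DN = $_.DN } }
}

# Values taken from the command in the original post.
$hits = @(Find-QADNameCollision -Name 'Workday, Fraser' `
    -ParentContainer 'OU=_Workday_Temp,DC=kt,DC=group,DC=local' `
    -SamAccountName 'WorkdayF' -UserPrincipalName 'Fraser.Workday@kantarpublic.com')
if ($hits.Count) { $hits | Format-Table -AutoSize } else { 'No existing object uses these names.' }
```

An empty result rules out a name collision as the cause; any row returned shows which attribute is already in use and by which object.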