AD Group Assignment job getting frozen

Hello All,

I am trying to assign groups to users, but the job is getting frozen, stating that there is no such object on the server.

On the AD side, the tool is able to assign the group to that user, but the job is getting frozen (job name: ads_group_update).

Please help to resolve this issue.

  • Hi Chetan

    From the looks of your question, the problem appears to relate to Identity Manager rather than Active Roles, as Active Roles doesn't work the same way as Identity Manager. You'd probably be better to raise the issue there (https://www.oneidentity.com/community/identity-manager/).

    The error message suggests that the user or group in the request do not exist in AD, whereas they do exist in the Identity Manager database. As Identity Manager has a record of the user/group, it is expecting to update the group object with the new member; however, if one of the objects doesn't exist, an update provisioning step would fail. I would suggest you check whether the user and group you are performing this action on exist in both Identity Manager and Active Directory. Ensure you compare using ObjectGUID/ObjectSID, as if an object has been recreated, it is possible the object in Identity Manager has incorrect details stored.

    You could also try performing a full sync from AD, to ensure your ADSAccounts, ADSGroups and ADSAccountsInADSGroups are up to date.

    However, I would suggest you raise this on the Identity Manager forums.

    Cheers

    Stu
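
The ObjectGUID comparison suggested in the reply above, as an added PowerShell example that is not part of the original thread or of any One Identity tooling. It assumes the RSAT ActiveDirectory module and read access to the domain; the CSV column names, sample rows and function names are constructed for illustration.

```powershell
# Added example: compare identities stored in Identity Manager with what AD holds.
Import-Module ActiveDirectory

# Constructed sample rows. In practice, export the user and group records
# from the Identity Manager database; these column names are assumptions.
$imRecords = @'
Type,DistinguishedName,ObjectGUID
User,"CN=Jane Doe,OU=Staff,DC=example,DC=com",11111111-2222-3333-4444-555555555555
Group,"CN=App-Readers,OU=Groups,DC=example,DC=com",66666666-7777-8888-9999-000000000000
'@ | ConvertFrom-Csv

function Find-AdObject {
    param([Parameter(Mandatory)][string]$Identity)
    # -Identity accepts a GUID or a distinguished name.
    # Only "not found" is mapped to $null; connectivity or permission
    # errors still surface, so they are not misread as a missing object.
    try {
        Get-ADObject -Identity $Identity -Properties objectSid -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $null
    }
}

function Test-ImRecord {
    param([Parameter(Mandatory)]$Record)
    $byGuid = Find-AdObject -Identity $Record.ObjectGUID
    $byDn   = Find-AdObject -Identity $Record.DistinguishedName

    $status = if ($byGuid -and $byGuid.DistinguishedName -eq $Record.DistinguishedName) { 'OK' }
    elseif ($byGuid) { 'Moved or renamed in AD (GUID found at a different DN)' }
    elseif ($byDn)   { 'Recreated in AD (DN exists with a different GUID)' }
    else             { 'Missing in AD' }

    [pscustomobject]@{
        Type       = $Record.Type
        StoredDN   = $Record.DistinguishedName
        StoredGuid = $Record.ObjectGUID
        AdGuidAtDN = if ($byDn) { $byDn.ObjectGUID } else { $null }
        AdSidAtDN  = if ($byDn) { $byDn.objectSid } else { $null }
        Status     = $status
    }
}

$imRecords | ForEach-Object { Test-ImRecord -Record $_ } | Format-Table -AutoSize
```

A row reported as recreated is the case the reply describes: the name still resolves in AD, but the stored GUID points at an object that no longer exists.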
