Account Definition with AD provisioning does not work

Hello,

I have a Department with an associated Account Definition configured for a particular Active Directory.

But whenever I assign this department, I get the following exception on the Job Server:

But the exception says that e.g. cn was not set, actually it was because I see its value in D1IM database table ADSAccount for this user.

Do you know where the problem is?

ErrorMessages = [2134002] Error executing an adhoc projection!
[1777018] Error executing workflow (Provisioning) of synchronization project (Active Directory Domain (DC=TESTLAB,DC=IDM)).
[1777124] Error executing projection step (user) of projection configuration (Provisioning (Provisioning)).
[1777219] Error executing projection step (user)!
[1777004] Method (Insert object (Insert)) could not be executed successfully.
[2226012] Error committing object new object of type user.(Error: Error committing object CN=User My,CN=Users,DC=testlab,DC=idm.(Error: New object created for second commit.
Property cn should be set.
Property objectClass should be set.
Property sAMAccountName should be set.
Access is denied.

Error deleting object CN=User My,CN=Users,DC=testlab,DC=idm.(Error: There is no such object on the server.
)
))
at StdioProcessor.StdioProcessor._Execute(Job job)
at VI.Projector.JobComponent.ProjectorComponent.Activate(String task)
at VI.Projector.JobComponent.ProjectorComponent._AdHocProjection()
---- Start of Inner Exception ----
at VI.Projector.JobComponent.ProjectorComponent._AdHocProjection()
at VI.Projector.Database.ProjectorExecutor.Project(ISession session, IProjectionConfiguration configuration, ProjectionOption options, ISystemObject adHocObject, CancellationToken cancellationToken)
at VI.Projector.Projection.Extensions.Execute(IProjectorEngine engine, IProjectionConfiguration configuration, ProjectionOption options, ISystemObject adHocObject, CancellationToken cancellationToken)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
---- Start of Inner Exception ----
at VI.Projector.Projection.ProjectorEngine.<ExecuteAsync>d__4.MoveNext()
---- Start of Inner Exception ----
at VI.Projector.Projection.ProjectorEngine.<ExecuteAsync>d__4.MoveNext()
---- Start of Inner Exception ----
at VI.Projector.Projection.ProjectorEngine.<ExecuteAsync>d__4.MoveNext()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
--- End of stack trace from previous location where exception was thrown ---
at VI.Projector.Projection.Internal.ProjectorEngineExecutionHelper.<ExecuteStepAsync>d__24.MoveNext()
---- Start of Inner Exception ----
at VI.Projector.Projection.Internal.ProjectorEngineExecutionHelper.<ExecuteStepAsync>d__24.MoveNext()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
--- End of stack trace from previous location where exception was thrown ---
at VI.Projector.Projection.Internal.ProjectorEngineExecutionHelper.<_ProcessDifferenceSetAsync>d__a5.MoveNext()
at VI.Projector.Projection.Internal.ProjectorEngineExecutionHelper._ExecuteMethods(IProjectionStep step, SystemObjectMatchingSet matchingSet, ISystemConnection connection, ISchemaMethodAssignment[] methodAssignments, IList`1 systemObjectPairs, SystemMappingSide side, ProjectionDirection projectionDirection, Boolean forceReloadObject, Boolean ignoreQuotas)
at VI.Projector.Projection.Internal.ProjectorEngineExecutionHelper._ExecuteMethodNative(ISystemConnection connection, SystemObjectMatchingSet matchingSet, ISchemaMethod method, IEnumerable`1 objectsToExecute, Boolean reloadObjects, Boolean isImport)
at VI.Projector.Connection.SystemConnection.ExecuteMethod(ISchemaMethod method, IEnumerable`1 systemObjects, ExecuteMethodOptions option)
---- Start of Inner Exception ----
at VI.Projector.Connection.SystemConnection.ExecuteMethod(ISchemaMethod method, IEnumerable`1 systemObjects, ExecuteMethodOptions option)
at VI.Projector.Connection.Connectors.BottleNeckConnector._Redirect[T](Func`1 redirection)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
---- Start of Inner Exception ----
at VI.Projector.Connection.Connectors.BottleNeckConnectorTask.Execute()
at VI.Projector.Connection.Connectors.BottleNeckConnector.<>c__DisplayClass1f.<OnExecuteMethod>b__1e()
at VI.Projector.Connection.SystemConnector.ExecuteMethod(ExecuteMethodRequest request)
at VI.Projector.Connection.SystemConnector.CommitObject(CommitObjectRequest request)
at VI.Projector.ADS.ProjectorADSConnector.OnCommitObject(CommitObjectRequest request)
at VI.Projector.ProjectorBaseConnector.HandleException(ObjectRequest request, Exception Ex)

Thanks in advance,

John Cage

  • Hi John,

    I think the main problem is "Access Denied".  The account you've used to access AD does not have sufficient permission to write to AD.

    As for your comment "But the exception says that e.g. cn was not set, actually it was because I see its value in D1IM database table ADSAccount for this user."

    The ADSAccount table is local to D1IM. After the value (cn) is updated in the ADSAccount table, it will kick off a process to update the AD server, and this is where it failed and generated the exception that you've seen.

    HTH

  • How did you resolve this? I'm facing the same issue
  • Hi

    I'm having the exact same issue, how did you resolve this?

    In my scenario I believe it is to do with the account used to access AD not having sufficient permissions; however, the AD team I'm working with say the account does have sufficient permissions.

    Additionally, the Insert into AD fails in the job queue with the same error as above; however, the AD accounts do get created, but in a disabled state.

    Any help would be great!
  • Maybe the AD user account has permissions to create a user but not set certain attributes. I'd check with the AD team to be sure

    HTH
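
A read-only way to check the permission question raised in the replies, added here as an example and not part of the original thread or of the product: list the access control entries that apply to the connector's AD account on the target container, so create rights can be compared with attribute write rights. The container DN is taken from the error text above; the account name `svc-placeholder` is a placeholder, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example: read-only ACL review of the provisioning target container.
Import-Module ActiveDirectory

$ContainerDn    = 'CN=Users,DC=testlab,DC=idm'   # DN from the error text above
$ServiceAccount = 'svc-placeholder'              # placeholder: account used by the AD connection

# SIDs the account acts as: its own plus direct group memberships.
# Nested groups and well-known SIDs (e.g. Authenticated Users) are not expanded here.
$user = Get-ADUser -Identity $ServiceAccount
$sids = @($user.SID.Value)
$sids += Get-ADPrincipalGroupMembership -Identity $user | ForEach-Object { $_.SID.Value }

# Map schemaIDGUID -> lDAPDisplayName so ACE object types read as class/attribute names.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$guidMap  = @{}
Get-ADObject -SearchBase $schemaNc -LDAPFilter '(schemaIDGUID=*)' `
             -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidMap[[System.Guid]$_.schemaIDGUID] = $_.lDAPDisplayName }

function Resolve-AceGuid([guid]$Guid) {
    if ($Guid -eq [guid]::Empty)     { return '(all)' }
    if ($guidMap.ContainsKey($Guid)) { return $guidMap[$Guid] }
    # Not a schema class/attribute: may be a property set or extended right.
    return "$Guid (not in schema)"
}

# Explicit and inherited ACEs on the container, with trustees returned as SIDs.
$acl = Get-Acl -Path "AD:\$ContainerDn"
$acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $sids -contains $_.IdentityReference.Value } |
    Select-Object AccessControlType, ActiveDirectoryRights, IsInherited,
        @{ n = 'AppliesTo';   e = { Resolve-AceGuid $_.ObjectType } },
        @{ n = 'OnChildType'; e = { Resolve-AceGuid $_.InheritedObjectType } } |
    Sort-Object AccessControlType, ActiveDirectoryRights |
    Format-Table -AutoSize
```

In the output, an Allow entry with `CreateChild` for `user` but no `WriteProperty` or `GenericAll` entry covering user objects would be consistent with the suggestion above that the account can create users but not set certain attributes; any Deny entries should be reviewed first.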