Active Directory Issue - Password_Not_Required flag

Hello Experts,

I am trying to create an AD account, I’m making use of the ootb create provisioning policy. I am able to create the account manually but through IDN this is the error that I’m getting. I am not setting PasswordNotRequired attribute through the provisioning policy. I am also not setting password on this account. Is there any permission issue, can anyone help me please :slight_smile:

Exception occurred while executing the RPCRequest: Errors returned from IQService. “Error occurred while disabling Password_Not_Required flag for the account CN=Test User,OU=Sandbox,DC=test,DC=com Access is denied. Access is denied. . HRESULT:[0x80070005]”, “Error occurred while enabling the account CN=Test User,OU=Sandbox,DC=test,DC=com Access is denied. Access is denied. . HRESULT:[0x80070005]”

@MVKR7T and @Remold your thoughts on this?

Generally I’ve seen this done in the AfterCreate/Update extensions to AD and it involves including the value 544 (PASSWD-NOTREQD) to the UserAccountControl attribute. It’s not a specific attribute in AD, but bundled into this multi-use attribute.

Hi @aishwaryagoswami

Yes, as @edmarks mentioned, what is the UAC you are passing ?

Thanks
Krishna

I have 544 static value for UserAccountControl attribute but the error is still showing @MVKR7T @edmarks

Can you try with 512 for enable, 514 for disable.

We were able to solve this by granting permission to the service account to be able to set password during account creation, unfortunately setting the UserAccountControl attribute in the create provisioning policy didnt work.