Active Directory Provisioning Error

SailAway · July 9, 2024, 2:26am

Hi,

I am getting the following error in my Sandbox Environment. The DN looks right and I’ve mirrored our production environment but can’t seem to get this working.

[“Exception occurred while executing the RPCRequest: Errors returned from IQService. Attribute DistinguishedNamedoes not contain expected character dc\u003d. Value supplied : Attribute DistinguishedNamedoes not contain expected character dc\u003d. Value supplied : . HRESULT:[0x80131500]”]

Anyone know a fix?

shaileeM · July 9, 2024, 2:43am

Hi @SailAway ,

Can you share the Account Request for the operation from Account activities search. Please mask the necessary information.

Thanks,
Shailee

jesvin90 · July 10, 2024, 12:48pm

Hi @SailAway,

The error looks very much like the DN value that is being passed is not in the right format. Make sure that you are passing the DN value in a format similiar to this - CN=CommonName,OU=OrganizationalUnit,DC=DomainComponent,DC=top-levelDomain

Are you using a transform to get the DN value in your create account policy.? If so, try passing a static value for DN and see if it works.

You can also look in the Account activities in Search or the IQ service logs to see more info on the values being passed.

SailAway · July 11, 2024, 9:16pm

@jesvin90
@shaileeM

Tried with a static value and it still errored with the same error.

Created another source with the same values and it was able to create the account. Something must be going on with the original source but I’m going to leave it be since it is just our Sandbox Environment.

Thanks for the replies.

sushantkulkarni · July 12, 2024, 12:00pm

@SailAway What does your DN look like when it is being sent out for provisioning in the plan? It looks like “dc=” isn’t included in the value, which usually will be included if you pass the full DN. Perhaps look into the account activity from Search to see what was sent, or if you can access IQService logs, see if the plan shows the DN as expected.

SailAway · July 12, 2024, 8:07pm

Hi,
it is “dc=”. When I look at iqservice it looks like the data is going over correctly too.

Sivakrishna1993 · July 14, 2024, 3:08pm

Hi

Can you check schema attribute and provisioning policy attribute of “distinguishedName” have you changed it from OOTB? Or check the user whom got error dn value any spl char in dn?

Check below link

Best Regards,
Siva.K

system · September 12, 2024, 3:08pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Active Directory Provisioning issue ISC Discussion and Questions identity-security-cloud , provisioning	5	698	April 6, 2024
Attribute DistinguishedNamedoes not contain expected character ISC Discussion and Questions identity-security-cloud , provisioning	6	123	February 16, 2025
Active Directory Provisioning issue IIQ Discussion and Questions identityiq , provisioning	6	552	June 15, 2024
Ad user creation issue ISC Discussion and Questions identity-security-cloud , provisioning	9	428	June 4, 2024
Active Directory Provisioning Error while creating a new account ISC Discussion and Questions identity-security-cloud , provisioning , iqservice	13	3092	February 28, 2024

Active Directory Provisioning Error

Related topics