AD: Account created but failed to modify

kskendelis · September 13, 2023, 11:14am

I am getting error while creating AD (and MS exchange ) accounts. It seems that it tries to modify account which is not created yet.
error:
Account created but failed to modify : Failed to update attributes for identity CN=1000000,OU=Users,OU=People,DC=activedir,DC=xu,DC=com. The specified directory service attribute or value does not exist.

After all account is created and entitlements are assigned:

adError1.log (28.1 KB)

Jarin_James · September 13, 2023, 2:10pm

Hi @kskendelis ,

Verify all the attributes present in the Provisioning Policy is added to the account or not. The issue seems like is because the attribute mentioned in the Provisioning Policy doesn’t exist in AD.

sunnyajmera · September 13, 2023, 5:23pm

2 / 2

I would begin by inspecting the account request to identify attribute values that are either invalid or prohibited, including a thorough examination of attributes like “samaccountname,” etc

kskendelis · September 14, 2023, 7:40am

Can it be something related to my actions, I trying to create and delete the same account.
I have tried to remove almost all additional attributes but it seems even basic attribute like givenName and sn is forbidden to commit.

currentError:
Account created but failed to modify : Failed to update attributes for identity CN=1000000,OU=Users,OU=People,DC=activedir,DC=xx,DC=com. The server is unwilling to process the request.

ismaelmoreno1 · September 23, 2023, 4:48pm

Hi @kskendelis Could you check Provisioning Transactions of these operations?
Are you check IQservice logs? It would be possible provide these logs?

Thanks!

kskendelis · October 2, 2023, 3:18pm

Logs have been added.

IQ_AD.log (47.5 KB)

kskendelis · October 4, 2023, 12:44pm

Problem was some additional attributes while creating new account. I have tested creation one by one and removed those which failed. Now account created without any errors or exceptions .

2135797 · November 9, 2023, 8:07am

@Jarin_James
same error I am getting during account creation. In my case I checked all attributes mentioned in provisioning policy exist in AD, still I am getting same error is there any other reason to get this error

sunnyajmera · November 9, 2023, 8:14pm

can you share your request or plan?

Remold · November 9, 2023, 9:59pm

Can you enable logging on the IQService on server neptunas-app ?

This log-file should contain the name of the failing attribute.

(My best guess would be IIQDisabled, but look at the iqtrace.log file)

For provisioning to AD over IQService, the IQService logging will provide more and better details compared to the IIQ log file.

– Remold

Jarin_James · November 10, 2023, 5:17am

Hi @2135797,

Please create a new post by providing all the required information. This will help us to understand and track the issue better. As @Remold suggested please share the logs as well to further analyze the issue.

system · January 9, 2024, 5:17am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AD Account Creation and Update ISC Discussion and Questions provisioning	5	1003	August 7, 2023
AD: Account created but some attributes are not updated properly ISC Discussion and Questions identity-security-cloud , provisioning	4	587	January 15, 2024
Error with Active Directory User creation IIQ Discussion and Questions identityiq , provisioning	6	708	October 27, 2023
Getting error while updating AD attribute ISC Discussion and Questions identity-security-cloud	5	832	August 7, 2023
Provisioning failed ISC Discussion and Questions apis , aggregation , identity-security-cloud	3	311	October 24, 2023

AD: Account created but failed to modify

Related Topics