Hi ,
I’m facing below issue while modifying AD attribute
[“Error(s) reported back from the IQService - Failed to update attributes for identity CN\u003dtestfn47, testln47 (sbs999896),OU\u003dUsers,OU\u003dLFH,OU\u003dHospitals,OU\u003dSB-Departments,DC\u003dbassett,DC\u003dorg. The server is unwilling to process the request.\n”]
Any help is much appreciated
Thank you ,
Saikumar
We see this error when the provisioning plan includes an attribute which fails to update on AD side because of incorrect value/type/char limit violation. To find the attribute causing issue you can follow these troubleshooting steps:
From IDN Search UI, find the account activity for identity with issue. When you click on specific account activity that failed provisioning it will show you the full provisioning plan that includes values sent for each attribute. Check for any attributes which show incorrect/unexpected values. Verify the char limit is not exceeding the set limits on AD side. (Eg. Initials attribute in AD should be only 1 char long). The password field will not show value but make sure you’re setting a password which meets the AD password policy.
Log on to your IQService box and go through IQService logs for the provisioning failed event. If you don’t see detailed logs, set the IQService mode to debug level trace and restart service. After reproducing issue check logs again.
Hi Sharvani ,
Thank you for Reply !
As you check i gone through my provisioning activity some how I’m seeing provisioning is success.
But i have seen this error in Identity Cube activity (Modify Account ),.
Here is my scenario that I’m testing.
I’m creating a user from CSV file and giving a manager who is not existing in IDN.
User got created in IDN. as manager is not exist in IDN, Manager not provisioned to AD.
Later i have created manager in CSV and aggregated into IDN.
This time im getting manager in IDN after sync but AD manager is not updating for firstly created user.
In this scenario we are getting above error.
Thank you ,
Saikumar
@saikumar39 Are you getting the Manager’s DN value and setting that Identity Attribute to Sync? You can also try increasing the trace level on IQService and look at the IQTrace logs for more details.
You need to provide full Manager DN in manager AD attribute for it to populate in AD. If manager is present in AD you can use existing Get Manager LDAP DN rule to populate the value for you.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.