Incomplete items error?

A user requested 2 AD connected access items for another user. The request appeared to go through the normal workflow, receiving approval from the appropriate users, before being stopped by the error shown below.
In addition to the screenshot, I have copy+pasted the entire error below.

{CA0C71BC-9D0E-4DF7-8103-CD8F985BBCD6}626×732 94.9 KB

“Error: Incomplete items. Please contact your administrator.
Provisioning
Error(s) reported back from the IQService - Failed to update attributes for identity CN=REDACTED,OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com. Failed to connect to the server for CN= REDACTED,OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com:There is no such object on the server. There is no such object on the server. 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of: ‘OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com’ 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of: ‘OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com’ . HRESULT:[0x80072030]Failed to connect to the server for CN= REDACTED,OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com:There is no such object on the server. There is no such object on the server. 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of: ‘OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com’ 0000208D: NameErr: DSID-03100245, problem 2001 (NO_OBJECT), data 0, best match of: ‘OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com’ . HRESULT:[0x80072030] Possible reasons for failure include a) The Domain Controller is currently not reachable b) The object has either been moved or renamed c) The object has been deleted Please Ensure the data has been aggregated before performing the operation”

Upon investigation, it appears no domain controllers were down and no changes were made to the users account. We were also not experiencing any kind of outage at the time. I was able to re-request the access for the user and approve it myselt. The access items appear to be working fine now and no other similar behavior has been observed.
I am attempting to determine the cause of such an error/problem? Has anyone else seen this before? What other possible causes could there be?

Regarding the error message its like your identity or group not exist. please check your Active to see if those objects exist.

The objects all exist. I am checking with teams to see if there was some sort of job scheduled to run that would move new users from one OU or group to another OU or group.
If there was and it conincided with the access requests being approved could it have caused this from a syncing issue? Just bad timing? When the request went in they were in _New User OU and and when it got approved they just got switched to the Users OU or something?

It did not coincide with any jobs running to move users. Still investigating. I’m gonna put in a support ticket.

Are sure that entry exist :

“CN=REDACTED,OU=_New Users,OU=Users,OU=OAC,DC=corp,DC=REDACTED,DC=com” ?

Or can you also check your account creation profile if your users are created into the correct OU ?

Hi @jared-fox ,
I also face the same issue while working on AD. I think the OU path you are providing it don’t exist or you are providing the wrong OU path. please check the ou correctly.

Thank you!

I just looked at the create account profile for distinguished name and it appears to be correct. The groups/OU’s in AD appear correct as well.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.