ISC is trying to create AD accounts multiple times for a new hire and fails as the account is created in that same minute!

ISC is trying to create AD accounts multiple times for a new hire and fails as the account would be created in that same minute! I see multiple events with the same error. If anyone has had the same issue in their tenant, please let me know. TIA.

Note: I have increased timeouts.

Can you provide additional details with screenshots of the errors, an example of the multiple accounts, and logs from IQService (may need to increase the log level with -l)?

Is there a Before or After Create PowerShell rule in place?

Yes, I have an aftercreate rule PowerShell.

Here is the error I see in the events:

["Exception occurred while executing the RPCRequest: Errors returned from IQService. "The object already exists. The object already exists. 00000524: UpdErr: DSID-031A11F8, problem 6005 (ENTRY_EXISTS), data 0 00000524: UpdErr: DSID-031A11F8, problem 6005 (ENTRY_EXISTS), data 0 . HRESULT:[0x80071392] For identity: xxxxx

Hi @Prashanth1812 ,

Based on the error, it looks like an account with the same sAMAccountName or DN already exists in AD.
Please verify if such an account is present. If yes, generate a unique sAMAccountName/DN and then try creating the account again.

Hi Prashanth,

Seems like the AD account is created partially, and there might be some issue while the account is being created for the first time. This can be due to multiple reasons, like:

  • The same user already exists with the same sAMAccountName
  • The same user is being created with the same DN
  • The account is created partially, but the SailPoint AD account is not associated with the respective identity, due to the partial AD account creation

I would recommend the following resolution steps to avoid multiple partial account creations:

  • Go to your Active Directory Source > Additional Settings > under provisioning settings - Enable “Rollback Partially Created Account” - this will roll back the partially created account going forward for new accounts.

  • For existing accounts that are created partially, delete them directly on AD manually.

Now to debug your actual issue:

  • Retry creating the AD account with the current AD configuration
  • Check the account activity in Search and observe whether there is any issue while provisioning the attributes for that user

When you are retrying the above scenario, enable logs on both the VA and IQ Service to capture and resolve the issue.

Thanks,

Vijay

1 Like
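One way to run the check both replies suggest (is there already an object with that sAMAccountName or DN, and was it created moments ago by a partial create?), as an added example that is not part of the original thread or SailPoint's own code. It assumes the ActiveDirectory RSAT module is installed; `Find-ConflictingAdAccount` is a hypothetical helper name and the account values in the usage call are constructed.

```powershell
# Added example: find the object behind an ENTRY_EXISTS (HRESULT 0x80071392) failure.
Import-Module ActiveDirectory

function Find-ConflictingAdAccount {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [string] $Server   # optional: query the same DC that IQService writes to
    )
    $common = @{ Properties = 'sAMAccountName', 'whenCreated', 'whenChanged'; ErrorAction = 'Stop' }
    if ($Server) { $common.Server = $Server }

    # Escape LDAP filter metacharacters (RFC 4515); the backslash must be handled first.
    $escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' `
                               -replace '\(', '\28' -replace '\)', '\29'

    # sAMAccountName is unique per domain across users, groups and computers,
    # so search all object classes rather than users only.
    $hits = @(Get-ADObject -LDAPFilter "(sAMAccountName=$escaped)" @common)

    # The DN can collide even when the sAMAccountName does not.
    try {
        $hits += Get-ADObject -Identity $DistinguishedName @common
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        # Nothing exists at that DN; not a conflict.
    }

    # One row per object; a very small MinutesSinceCreate points at an object
    # left behind by the first create attempt rather than a long-standing account.
    $now = Get-Date
    $hits | Sort-Object -Property ObjectGUID -Unique |
        Select-Object DistinguishedName, sAMAccountName, ObjectClass, whenCreated, whenChanged,
            @{ Name = 'MinutesSinceCreate'
               Expression = { [math]::Round(($now - $_.whenCreated).TotalMinutes, 1) } }
}

# Constructed sample values; replace with the ones from the failed provisioning plan.
Find-ConflictingAdAccount -SamAccountName 'jdoe' `
    -DistinguishedName 'CN=John Doe,OU=Users,DC=example,DC=com' | Format-List
```

An empty result for both lookups means the conflict is not visible on the domain controller queried; pass `-Server` to check the one IQService is bound to.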

Thanks @VijayMaripi for the help. Let me try it out and will update here if it works.