What does it mean ? The error is happening for few accounts. After this error, I obtain the following error in the account activity that follows the one mentioned above.
Error(s) reported back from the IQService - The object already exists. The object already exists. 00000524: UpdErr: DSID-031A11DA, problem 6005 (ENTRY_EXISTS), data 0 00000524: UpdErr: DSID-031A11DA, problem 6005 (ENTRY_EXISTS), data 0 . HRESULT:[0x80071392] For identity: CN= XXXXX
It looks like the account you are trying to create already exists in AD. Make sure the account name is unique while creating an account (try adding unique counters: XXX1, XXX01, XXX001, etc., depending on the organization’s requirements). Also, schedule aggregations to get the latest accounts.
Thanks for your answer. However, scheduled aggregation is enabled. The thing is that IDN is somehow trying to create the same account on AD during a period of time of 2 minutes. This is happening for few accounts, not all of them.
There are a few things that I can think of. You could add extra logic in your after-create to log more information and print out more timestamps. The reason I am saying this is because the script is running much quicker than the IQService response, so it is thinking the account was not created and trying to recreate it.
Or you could add “wait”/“sleep” in your after-create to handle this issue.
The other easy option is to extend the provisioning timeout and IQService response timeout. I haven’t tried this, but some of my colleagues mentioned that it fixed the issue. If you have Visual Studio code, you could add those pretty easily. I would suggest starting with 120 seconds and slowly increasing it to 180 sec, 240 sec and so on.
Not the exact same error. But we have seen “Objects already exists” many times. Especially when Native rules are involved. Sometimes its also the AD account filters we use in source configuration page in IDNow, but in your case it happens to only a few accounts.
