Hi all,
My requirement is to append some attributes of admin users in lost of OU’s in active directory. I am able to achieve this by using a new source is dev environment (by using new source’s provisioning policies and running a sync on required identities) but when I try to replicate this in production, I am getting following error.
1. ADConnectorServices [ Thread-7 ] ERROR : "Caught exception in Modify for identity CN=****** ,OU=*****,OU=****,OU=**,DC=**,DC=**. System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.UnsafeNativeMethods.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChanges()
at sailpoint.services.ADConnectorServices.Modify(Boolean processExchangeAttributeUpdate, Boolean& atleastOneAttrReqFulfilled)"
2. ADConnectorServices [ Thread-7 ] ERROR : "Exception caught while handling special attributes AC_NewName/AC_NewParent for identity CN=****** ,OU=*****,OU=****,OU=**,DC=**,DC=**. System.UnauthorizedAccessException: Access is denied.
I checked provisioning policies defined in dev and production and only difference i found was in “usageType”: “UPDATE_GROUP”, provisioning policies.