AD Provisioning failing intermittently with LDAP: error code 53

piyushm
Regular Contributor

Hello,

I am trying to provision an account to AD with the minimum required attributes. The issue is that the new account task fails with the error "LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM)". The same task then gets completed after a few hours/attempts without any change either on the AD side or in Saviynt.

Below is the createaccountjson.

{"pwdLastSet":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {-1} else {-1}}", "sn":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {} else {user.lastname}}", "userAccountControl": "512", "objectClass":["top","person","organizationalPerson","user"], "sAMAccountName":"${if(ServiceAccountOwnerMap.ServiceAccountType.equals('Service Account')) {task.accountName} else {user.systemUserName}}" }


sk
All-Star

Are you using an SSL connection? From the error, it looks like you are using a non-SSL connection, and AD does not support a non-SSL connection.


Regards,
Saathvik

rushikeshvartak
All-Star

What is the Account Type in the failing use case?

timchengappa
Saviynt Employee

Hi @piyushm 

It looks like you are trying to provision a "New Account" task and based on the error, you are either not passing the required attributes in the format/syntax that AD accepts or you are connected to AD via a non-SSL connection.

If it's an issue with the format/syntax that AD accepts, please validate attributes such as password, etc., and ensure that the Saviynt AD password policy meets the AD password policy requirements.

If it's an issue with the latter, please switch your connection from non-SSL to SSL.

ldap://(server address):389
Try changing it to:
ldaps://(server address):636
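
An added triage sketch for the error discussed in this thread (not code from any poster or from Saviynt): it splits the AD diagnostic string into its LDAP result and embedded Win32 code (0x52D is ERROR_PASSWORD_RESTRICTION) and flags the two causes raised in the replies. The host name, the `svc_demo` account, the finding labels and the idea that the password would be sent as `unicodePwd` in the same payload are assumptions.

```python
import re
from urllib.parse import urlsplit

# Codes from the error quoted in this thread; anything else is reported as unknown.
LDAP_RESULT = {53: "unwillingToPerform"}
WIN32 = {0x52D: "ERROR_PASSWORD_RESTRICTION"}
ACCOUNTDISABLE = 0x2  # userAccountControl flag; 512 (NORMAL_ACCOUNT) leaves it clear

DIAG = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): \w+: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), problem \d+ \((?P<problem>\w+)\)"
)

def parse_ad_error(message):
    """Split an AD diagnostic message into its LDAP and Win32 parts."""
    m = DIAG.search(message)
    if m is None:
        return None
    ldap, win32 = int(m["ldap"]), int(m["win32"], 16)
    return {
        "ldap": LDAP_RESULT.get(ldap, "unknown"),
        "win32": WIN32.get(win32, "unknown"),
        "dsid": m["dsid"],
        "problem": m["problem"],
    }

def triage(message, url, payload):
    """Return the checks worth making for a failed New Account task."""
    err = parse_ad_error(message)
    if err is None:
        return ["unparsed-error"]
    findings = []
    if urlsplit(url).scheme.lower() != "ldaps":
        findings.append("connection-not-ldaps")
    if err["win32"] == "ERROR_PASSWORD_RESTRICTION":
        findings.append("password-rejected-by-domain-policy")
        uac = int(payload.get("userAccountControl", 0))
        # Assumption: the password would travel as unicodePwd in this payload.
        if not uac & ACCOUNTDISABLE and "unicodePwd" not in payload:
            findings.append("enabled-account-without-password-in-payload")
    return findings

# Constructed inputs: error text from the post, placeholder host, trimmed payload.
SAMPLE_ERROR = ("LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, "
                "problem 5003 (WILL_NOT_PERFORM)")
SAMPLE_PAYLOAD = {"userAccountControl": "512", "sAMAccountName": "svc_demo"}

if __name__ == "__main__":
    print(parse_ad_error(SAMPLE_ERROR))
    print(triage(SAMPLE_ERROR, "ldap://dc01.example.test:389", SAMPLE_PAYLOAD))
```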