Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error while creating account in AD - [LDAP: error code 32 - No Such Object]

saoual
New Contributor
New Contributor

‎08/13/2024 01:13 AM

Hello,
In a completely random way, when umboarding a user, a role is given by default.
For some users, the task ends with the error "Error while creating account in AD - [LDAP: error code 32 - No Such Object]". I've checked on the target, the group does exist. When I investigated, I found that it was the accountID that was the problem. In each case the accountid = username or in the normal case accountid = nameinnamespace (example for this username: 'flastname' the normal accountid is 'uid=flastname, ou=xxx, ou=xxx, dc=xxx', but the accountid is wrongly created and is 'flastname') , after that when I make a new request via ARS it works and the accountid is well generated.
 
I have already carried out the checks suggested in the following ticket: https://forums.saviynt.com/t5/identity-governance/error-while-creating-account-in-ad-ldap-error-code...
and there's no problem with the target, the group does exist. Can you please help me?
 
Regards
0 Kudos
6 REPLIES 6

rushikeshvartak
All-Star
All-Star

‎08/13/2024 01:19 AM

One time fix all impacted accounts accountid using enhanced query


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

saoual
New Contributor
New Contributor
In response to rushikeshvartak

‎08/13/2024 01:29 AM

Hi rushkeshvartak, 

Since the import job has been executed, the accounts are suspended from import service, the requests have to be renewed. i'm trying to determine the root cause and correct the problem so as not to have this situation again.

 
 
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to saoual

‎08/13/2024 06:16 AM

You need to evaluate logs to find RCA


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

saoual
New Contributor
New Contributor
In response to rushikeshvartak

‎08/14/2024 02:08 AM

Hi, I've looked and there's nothing in the logs to justify this behavior. Has anyone had this behavior before? Or do you have any suggestions? Regards

0 Kudos

NM
Honored Contributor II
Honored Contributor II

‎08/13/2024 01:19 AM

Hi @saoual , are you storing guid in accountid??

0 Kudos

saoual
New Contributor
New Contributor
In response to NM

‎08/13/2024 01:26 AM

Hi NM,

The accountid corresponds to the nameinnamespace, the guid is stored on another customproperty and is used as a reconciliation field.

0 Kudos
Copyright © 2024 Khoros, LLC