Saviynt Forums

rajsannidhi · ‎10/04/2023

we are creating new AD accounts in a specific OU, but manager of the new user is in different OU, create AD account tasks fails with below error.

[LDAP: error code 19 - 000020B5: AtrErr: DSID-0315344E, #1: 0: 000020B5: DSID-0315344E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)

if new user and manager in same OU, AD account is provisioned successfully with manager and all other attributes.

Is it required to have new user and manager accounts in same OU ?

OR is this a limitation on Saviynt/AD side. Is AD rejecting it ?

rmakam · ‎10/04/2023

We can definitely create user accounts in Active Directory (AD) having manager in different OUs. We were successful for one of our customers. I do not see that as an issue.

Look into the logs and see if it is failing for any other attributes. I am assuming, when you were able to create user account successfully where manager and user are in same OU, you are populating the manager attribute with manager's DN.

Saathvik · ‎10/04/2023

Saviynt should be able to create users with managers in different OU. There might be an issue in populating right manager DN or targeting is rejecting managers of specific OU. Would you be able to share the logs?

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

rajsannidhi · ‎10/05/2023

@rmakam @Saathvik Thank You for the confirmation. Issue is resolved, after modifying BASE search filter for provisioning.

Saviynt Forums

Unable to create AD account, manager attribute issue, new AD account and manager in different OU's