Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/04/2023 09:18 AM - edited 10/04/2023 09:19 AM
we are creating new AD accounts in a specific OU, but manager of the new user is in different OU, create AD account tasks fails with below error.
[LDAP: error code 19 - 000020B5: AtrErr: DSID-0315344E, #1: 0: 000020B5: DSID-0315344E, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 15000a (manager)
if new user and manager in same OU, AD account is provisioned successfully with manager and all other attributes.
Is it required to have new user and manager accounts in same OU ?
OR is this a limitation on Saviynt/AD side. Is AD rejecting it ?
10/04/2023 11:32 AM
We can definitely create user accounts in Active Directory (AD) having manager in different OUs. We were successful for one of our customers. I do not see that as an issue.
Look into the logs and see if it is failing for any other attributes. I am assuming, when you were able to create user account successfully where manager and user are in same OU, you are populating the manager attribute with manager's DN.
10/04/2023 11:55 AM
Saviynt should be able to create users with managers in different OU. There might be an issue in populating right manager DN or targeting is rejecting managers of specific OU. Would you be able to share the logs?
10/05/2023 10:55 AM