Hi Team,
Problem Statement: Create new AD account with random password to be sent to users Manager as per password policy.
We are not able to generate Active Directory random password as we are getting below error:
Relevant Logs:
"2024-05-15T15:15:38.610+00:00","ecm-worker","ldap.SaviyntGroovyLdapService","quartzScheduler_Worker-8-87g5j","ERROR","Error while creating account in AD - [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0"
"2024-05-15T15:15:38.676+00:00","ecm-worker","","null-87g5j",""," ]"
"2024-05-15T15:15:38.676+00:00","ecm-worker","","null-87g5j","","javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0"
Password policy: min length==> 15 characters
Connection Configuration:
SETRANDOMPASSWORD: TRUE
CREATEACCOUNTJSON:
{
"accountExpires": "0",
"objectClass": [
"top",
"person",
"organizationalPerson",
"user"
],
"pwdLastSet": "0",
"manager": "${managerAccount==null?'':managerAccount.accountID}",
"displayname": "${user.firstname} ${user.lastname}",
"givenName": "${user.firstname}",
"department": "${user.departmentname}",
"sn": "${user.lastname}",
"userPrincipalName": "${user.email}",
"sAMAccountName": "${user.username}",
"mail": "${user.email}",
"Description": "${user.jobcodedesc}",
"employeeID": "${user.employeeid}",
"initials": "${user.middlename}",
"l": "${user.city}",
"physicalDeliveryOfficeName": "${user.location}",
"PostalCode": "${user.regioncode}",
"st": "${user.state}",
"Title": "${user.title}",
"UnicodePwd": "Welcome@1234567",
"userAccountControl": "512"
}
Things Tried:
- When we hardcode the password{"UnicodePwd" : "Welcome@1234567"} we are able to provision the user account irrespective of useraccountcontrol as 512 or 544.
- When we do not provide any password attribute{neither UnicodePwd nor userPassword} in the createaccountjson and useraccountrol = 512 ==> Account is not provisioned
- When we do not provide any password attribute{neither UnicodePwd nor userPassword} in the createaccountjson and useraccountrol = 544 ==> Account is provisioned successfully with passowrd as '2j+E''.
- Password attribute used in Email Template is '${task.password}'
- Remaining things that we have tried is mentioned below:
Password Attribute | Value | UserAccountControl | Result |
"UnicodePwd" | "Welcome@1234567" | 512/544 | Worked |
"UnicodePwd" | "${randompassword}" | 512/544 | Not worked |
"UnicodePwd" | "${randomPassword}" | 512/544 | Not worked |
"userPassword" | "${randomPassword}" | 512/544 | Not worked |
"userPassword" | "Welcome@1234567" | 512/544 | Not worked |
Password Policy has been defined in the Policy Rule in the Security System:
Attribute Name | Attribute Value |
Policy Name | AOBApplicationPasswordPolicy |
Policy Description | Password Policy for Active Directory Application |
Policy Scope | APPLICATION |
Minimum Numeric Characters | 1 |
Minimum Special Character | 1 |
Minimum Alpha Numeric Characters | 1 |
Minimum Alphabet Characters | 1 |
Minimum Uppercase Characters | 1 |
Minimum Lowercase Characters | 1 |
Disallow Last Password | 5 |
Use Blacklist Dictionary | NO |
Regex Description | Password did not match as per Regex |
Minimum Length | 15 |
Expire After (Days) | 360 |
Please let us know what needs to be done here as we are stuck generating random password for AD Account Creation.
Regards,
Saksham
