Symantec IGA

Hello 

My customer is facing this problem:

They create an AD account from "Modify User's Endpoint Account" menu

If they populate fields manually everything is ok 

If they use the option "Copy from Active Directory Account" to populate automatically some fields they get the following error:

ERROR [im.provisioning] (Thread-6938 (HornetQ-client-global-threads-1935406147)) javax.naming.NamingException: [LDAP: error code 80 - :ETA_E_0004<AAC>, Active Dir. Account 'prova002' on 'AD_WH' creation failed: Connector Server Add failed: code 80 (OTHER-LdapNamingException): failed to add entry eTADSAccountName=prova002,eTADSOrgUnitName=TestIamOU1,eTADSOrgUnitName=0582 Settala,eTADSOrgUnitName=WarehouseTest,eTADSDirectoryName=AD_WH,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa:

JCS@S28E0000DPMIAMP: JNDI: [LDAP: error code 70 - Added object: CN=prova002,OU=TestIamOU1,OU=0582 Settala,OU=WarehouseTest,DC=wh,DC=gc,DC=local
Unable to set ACL
Reason: Operations Error]

Account is created on AD but not in the Provisioning Directory 

Any idea ? 

Thank you 

Giovanni 

Suggestion:

Try to find out what's different between Modify (which is working) and the Create from Copy (which isn't), perhaps the mapping between IM and Provisioning isn't set for that action, perhaps the synchronization flags (User Sync and Account Sync) isn't same?

Sagi

The task is the same for both Operation (Create Active Directory Account)

Simply they activated the possibility to copy attribute from another AD account

 At the end of the Account page they can see the button "Copy from Active Directory Account"

If they choose this option it doesn't work.

I suggest you open a support case and provide the Provisioning Server etatrans log (level=7) capturing both the working and non-working test case and provide them in the support case.

- KennyV