
ToLDAP pass to modify userprincipalname on AD

Former Member
0 Kudos

Hi,


I tried to change userprincipalname for an AD account via IdM using a ToLDAP pass. Somehow the task gets the error "LDAP: error code 53 - 00002016: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0]".


Any suggestion would be greatly appreciated.


Andy

Accepted Solutions (1)


Former Member
0 Kudos

Thanks all for your suggestions. Actually I found out that the attribute that gave me an issue was name. Also I found out that the name attribute can't be modified because it is an object. If you need to change this attribute you need to use a toLDAP pass with modrdn.

Regards,

Andy

former_member2987
Active Contributor
0 Kudos

Andy,

I've always found that the Name attribute should have the "." prefix in any update pass just for that reason!

Glad things are working!

Matt
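
The split described in the accepted solution, as an added example that is not from the thread and is not SAP IdM configuration: Python that turns a change set into LDIF, sending ordinary attributes such as userPrincipalName through a modify record and a name change through a modrdn record. The DN, the values and the `RDN_MIRRORS` set are constructed assumptions, and values are assumed to be plain ASCII that LDIF can carry without base64.

```python
# Added example: DN, values and RDN_MIRRORS are constructed assumptions.
RDN_MIRRORS = {"name", "cn"}  # assumption: user objects, whose RDN attribute is cn


def escape_rdn_value(value):
    """Escape the characters RFC 4514 requires escaping inside an RDN value."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        special = (c in ',+"\\<>;' or (i == 0 and c in "# ")
                   or (i == last and c == " "))
        out.append("\\" + c if special else c)
    return "".join(out)


def plan_changes(dn, changes):
    """Return LDIF records: a modify for ordinary attributes, then a modrdn."""
    rdn_values = {v for k, v in changes.items() if k.lower() in RDN_MIRRORS}
    if len(rdn_values) > 1:
        raise ValueError("name and cn both mirror the RDN and must match")
    records = []
    normal = {k: v for k, v in changes.items() if k.lower() not in RDN_MIRRORS}
    if normal:
        lines = [f"dn: {dn}", "changetype: modify"]
        for attr, value in normal.items():
            lines += [f"replace: {attr}", f"{attr}: {value}", "-"]
        records.append("\n".join(lines))
    if rdn_values:
        # The rename goes last: after it the entry no longer answers to `dn`.
        rdn_type = dn.split("=", 1)[0]
        new_rdn = f"{rdn_type}={escape_rdn_value(rdn_values.pop())}"
        records.append("\n".join([f"dn: {dn}", "changetype: modrdn",
                                  f"newrdn: {new_rdn}", "deleteoldrdn: 1"]))
    return records


if __name__ == "__main__":
    sample = {"userPrincipalName": "andy.new@example.com", "name": "New, Andy"}
    for record in plan_changes("CN=Andy Old,OU=Users,DC=example,DC=com", sample):
        print(record, end="\n\n")
```
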

Answers (2)


jaisuryan
Active Contributor
0 Kudos

Hi Andy,

Please check whether you are using the SSL option. Also confirm whether the IDM user has access to update the attribute, or whether there are any restrictions surrounding that attribute in AD.

Kind regards,

Jai

former_member2987
Active Contributor
0 Kudos

Andy,

Did you change the format of the UPN?

Please note that it needs to be in RFC 822 format. When you get an LDAP 53 error, usually you're using an invalid value.

53 LDAP_UNWILLING_TO_PERFORM: Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules... OR... The modify attribute request specifies attributes that users cannot modify... OR... Password restrictions prevent the action... OR... Connection restrictions prevent the action.

However, it's also possible that it's an account restriction; you should see if something has been changed in the Service Account.

User-Principal-Name attribute (Windows)

Internet E-mail address format (RFC 822) explained

Regards,

Matt

jared_kobe
Participant
0 Kudos

Andy,

Can you update other attributes using the same pass? Are you updating anything other than the UPN? If you have other attributes, can you disable all but one and see if the pass will complete successfully?

The only time I have seen WILL_NOT_PERFORM is when we try to enable a user that requires a password, but a password has not been set, so it is something that goes against AD's internal logic.

Jared