on 09-29-2015 7:39 PM
Hi,
I tried to change userprincipalname for an AD account via IdM using a ToLDAP pass. Somehow the task gets the error "LDAP: error code 53 - 00002016: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0]".
Any suggestion would be greatly appreciated.
Andy
Thanks all for your suggestions. Actually, I found out that the attribute that gave me an issue was name. I also found out that the name attribute can't be modified because it is an object. If you need to change this attribute, you need to use a toLDAP pass with modrdn.
Regards,
Andy
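The resolution above (the `name` attribute has to be changed with modrdn rather than a normal modify) can be sketched as a small planner that splits a set of desired changes into the two kinds of LDAP operation. This is an added example, not code from the thread or from IdM; it assumes an AD user object whose RDN attribute is CN, and the function names and sample DN are hypothetical.

```python
# Added example (not from the thread). Assumes an AD user object whose RDN
# attribute is CN; all function names and the sample DN are constructed.
RDN_ATTRS = {"name", "cn"}  # changing these means renaming the entry

def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;' or edge else ch)
    return "".join(out)

def split_first_rdn(dn):
    """Return (first RDN, parent DN), honouring backslash-escaped commas."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2  # skip the escaped character
        elif dn[i] == ",":
            return dn[:i], dn[i + 1:]
        else:
            i += 1
    return dn, ""

def plan_changes(dn, changes):
    """Split desired changes into a modify step and, if needed, a modrdn step."""
    rename = {k: v for k, v in changes.items() if k.lower() in RDN_ATTRS}
    modify = {k: v for k, v in changes.items() if k.lower() not in RDN_ATTRS}
    if len(set(rename.values())) > 1:
        raise ValueError("name and cn must be set to the same value")
    ops = []
    if modify:  # ordinary attributes go through a normal modify on the old DN
        ops.append(("modify", dn, modify))
    if rename:
        rdn, parent = split_first_rdn(dn)
        new_value = next(iter(rename.values()))
        new_rdn = rdn.split("=", 1)[0] + "=" + escape_rdn_value(new_value)
        if new_rdn != rdn:  # the rename runs last, so earlier steps use the old DN
            new_dn = new_rdn + ("," + parent if parent else "")
            ops.append(("modrdn", dn, {"newrdn": new_rdn, "new_dn": new_dn}))
    return ops

if __name__ == "__main__":
    sample_dn = "CN=Smith\\, Andy,OU=Users,DC=example,DC=com"  # constructed
    wanted = {"userPrincipalName": "andy.smith@example.com", "name": "Smith, Andrew"}
    for op in plan_changes(sample_dn, wanted):
        print(op)
```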
Hi Andy,
Please check whether you are using the SSL option. Also, confirm whether the IDM user has access to update the attribute, or whether there are any restrictions surrounding that attribute in AD.
Kind regards,
Jai
Andy,
Did you change the format of the UPN?
Please note that it needs to be in RFC 822 format. When you get an LDAP 53 error, usually you're using an invalid value.
53 | LDAP_UNWILLING_TO_PERFORM | Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons: The add entry request violates the server's structure rules...OR...The modify attribute request specifies attributes that users cannot modify...OR...Password restrictions prevent the action...OR...Connection restrictions prevent the action. |
However, it's also possible that it's an account restriction; you should see if something has been changed in the Service Account.
User-Principal-Name attribute (Windows)
Internet E-mail address format (RFC 822) explained
Regards,
Matt
Andy,
Can you update other attributes using the same pass? Are you updating anything other than the UPN? If you have other attributes, can you disable all but one and see if the pass will complete successfully?
The only time I have seen WILL_NOT_PERFORM is when we try to enable a user that requires a password, but a password has not been set, so it is something that goes against AD's internal logic.
Jared