cancel
Showing results for 
Search instead for 
Did you mean: 

Facing problem with AD groups

former_member227184
Active Participant
0 Kudos

Hi Experts,

We have three AD groups i.e., AD_ASIA, AD_OCEANIA and AD_EUROPE

if AD Oceania job is running other AD will not run parallel, it will get abort / cancel. But If AD ASIA job is running and AD Oceania gets triggered, it deletes all AD ASIA user from SAP system.


Kindly suggest on below point.

We are planning to change the script so that if any of the AD job is running other AD job should not execute.


We are also facing the below exception.


putNextEntry failed storingCN=BG-1003D-GO,OU=Roles,OU=Business,OU=Groups,DC=oceania,DC=zespri,DC=zil

Exception from Modify operation:javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000562: UpdErr: DSID-031A1174, problem 6005 (ENTRY_EXISTS), data 0]; remaining name 'CN=BG-1003D-GO,OU=Roles,OU=Business,OU=Groups,DC=oceania,DC=zespri,DC=zil'.

Thanks and Regards,

Vamshi.

Accepted Solutions (0)

Answers (3)

Answers (3)

Steffi_Warnecke
Active Contributor
0 Kudos

Hello Vamshi,

and I wonder if those three jobs all use the same temp table in the read pass, that you probably have?

As Jai pointed out: more infos and everybody loves screenshots!

Regards,

Steffi.

peterwass
Explorer
0 Kudos

Ok

So I assume you actually mean 3 OUs / domains / forests rather than 3 groups.  Each job is currently looking at a different area.

It might be that the dispatcher is loosing the plot doing multiple AD jobs at the same time and overwriting the searchbase with the new one but still exporting the users / deleting those who shouldn't exist.

My first step would be to set up a different dispatcher for each job.

In relation to the other error - is it trying to create the group or add members to it?  Either way, I'd put a script in on error to trap and ignore error code 68 - you're trying to create an entry that exists, so its not an actual error.  Just skip the entry and the job will continue and everything will sort itself out.

Peter

jaisuryan
Active Contributor
0 Kudos

Hi Vamshi,

I think we might need more information then provided here. Like version of your SAP IDM landscape, screenshots of job etc.

For jobs running in parallel: How is your jobs are scheduled? Only thru scheduling rules or event triggered? Check AD_OCEANIA is scheduled by event scheduled by AD_ASIA.

For the error: you should disable the pass "Write AD Groups" (not sure if the pass name is correct) pass in AD load job. Only "Write AD group Privileges" should suffice.

I dont have access to any IDM server now so couldn't post screenshots.

Kind regards,

Jai