Question

Active Directory Actions challenges

  • 6 December 2022
  • 4 replies
  • 193 views

Badge +1

Hello,
We are using AA 2019 Enterprise Edition, we are creating IT Processes Bots for creating New AD user within our Enterprise domain, as well as for Disabling Ended Users & removing them from all Groups.

We are facing the following problems as follows:

  1. to create a new user within specific Organization Unit under our AD tree, we can only create it Under CN=Users, but how to move it to specific OU or Creating it from beginning under this OU?
  2. We got an LDAP error when trying to add this new user to a group using the AD Action “Add Users to Group”.
  3. also, we got LDAP error when trying to remove disabled & ended user from All Groups membership, although all other Group Actions are working as get group property, get all users of group & others.

I included here below screen shots of a sample case that we can get Group property & user in a the group, but when trying to remove this user from this group we got the below error,

any advice please, thanks & best regards.

 


4 replies

Userlevel 7
Badge +13

Basically, this error will happen when your search returns referral and you set to ignore the referral. You could avoid this exception by setting the Context.REFERRAL to as mentioned below. Then it would search in the referral also [That's why it takes more time to return result].

 

Change the baseDN to be more specific. E.g. ou=users, dc=mydomain, dc=com.

 

You can refer the below link for further clarification.

https://knowledge.informatica.com/s/article/153822?language=en_US

Badge +1

Hi Padmakumar,

Thanks for your reply, I went through it as well as through the link you sent above,

It is talking about an error of LDAP authentication against Microsoft Active Directory. 

but I already can get connected to our Active Directory using LDAP using Build Parent Path & can do a lot of AD actions successfully as mentioned in my post above, but my main issue when trying to use Remove users or Add user to group action I got the shown above error
 

 

appreciate if you or anyone can advise on this

Thanks, & best regards.

Userlevel 7
Badge +13

Hi Padmakumar,

Thanks for your reply, I went through it as well as through the link you sent above,

It is talking about an error of LDAP authentication against Microsoft Active Directory. 

but I already can get connected to our Active Directory using LDAP using Build Parent Path & can do a lot of AD actions successfully as mentioned in my post above, but my main issue when trying to use Remove users or Add user to group action I got the shown above error
 

 

appreciate if you or anyone can advise on this

Thanks, & best regards.

Not sure this will help you or not.

After using the build parent path , add "CN=Users" to the parent path (EX: LDAP://{server}/CN=Users,DC={root2},DC={root1}. Depending on whether you have any sub-directories in the Users folder for which you may need to go a step further and add "CN={location}" (EX: LDAP://{server}/CN=US,CN=Users,DC={root2},DC={root1}).

 

If this still doesn’t help you then, kindly raise a support ticket with AA team to look into this further as it is challenging to replicate/provide ideas on.

Badge

@Yasser Farid - Did you get any resolution on this ?

Reply