OIM cannot Add Users to AD Groups, though it can Create/Modify Users in AD
(Doc ID 1469709.1)
Last updated on JULY 21, 2020
Applies to:Identity Manager Connector - Version 220.127.116.11.0 to 18.104.22.168.0 [Release 10gR2]
Information in this document applies to any platform.
**Checked for Relevance on 02-Dec-2013**
The OIM-AD connector cannot add users to groups that it was able to add users to yesterday.
It is not the OIM Admin user, since it can log onto a DC server in the domain that the group belongs to and service the account.
- Was able to add a user to the group.
OIM is unable to add the any user to any group.
The error message in the OIM logs is:
ERROR,20 Jun 2012 13:25:29,156,[XL_INTG.ACTIVEDIRECTORY],Problem modifying object: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHT
S), data 0
^@]; remaining name ''
The OIM-AD connector is still able to create users, modify their CNs, etc.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document