
OIM cannot Add Users to AD Groups, though it can Create/Modify Users in AD (Doc ID 1469709.1)

Last updated on MARCH 08, 2017

Applies to:

Identity Manager Connector - Version 9.0.3.1.0 and later
Information in this document applies to any platform.
**Checked for Relevance on 02-Dec-2013**

Symptoms

The OIM-AD connector cannot add users to groups that it was able to add users to yesterday.
The OIM Admin user is not the problem: it can log on to a DC server in the domain that the group belongs to and service the account, and it was able to add a user to the group.

OIM is unable to add any user to any group.

The error message in the OIM logs is:
ERROR,20 Jun 2012 13:25:29,156,[XL_INTG.ACTIVEDIRECTORY],Problem modifying object: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
^@]; remaining name ''

The OIM-AD connector is still able to create users, modify their CNs, etc.
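
To check whether every failure in an OIM log is this same access denial, the Active Directory extended error in the entry above can be split into its fields. The script below is an added example, not part of the original article or the connector: it rejoins wrapped lines, drops the NUL byte (shown as ^@), and decodes the LDAP result code (50, insufficientAccessRights), the hex Windows error code (0x2098 = 8344, ERROR_DS_INSUFF_ACCESS_RIGHTS) and the DSID. The level prefixes other than ERROR and the second sample line are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the entry from this article with its line wrapping and
# the "^@" (NUL) marker kept, followed by one made-up unrelated line.
SAMPLE_LOG = """\
ERROR,20 Jun 2012 13:25:29,156,[XL_INTG.ACTIVEDIRECTORY],Problem modifying object: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHT
S), data 0
^@]; remaining name ''
INFO,20 Jun 2012 13:25:30,001,[XL_INTG.ACTIVEDIRECTORY],constructed filler line
"""

# Assumption: every entry starts with "<LEVEL>,"; only ERROR appears on the page.
ENTRY_START = re.compile(r"^(?:FATAL|ERROR|WARN|INFO|DEBUG),")
AD_ERROR = re.compile(
    r"(?P<exception>javax\.naming\.\w+): \[LDAP: error code (?P<ldap_code>\d+) - "
    r"(?P<win32_hex>[0-9A-Fa-f]{8}): (?P<category>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>-?\w+)"
)

def log_entries(text):
    """Rejoin wrapped continuation lines so each entry is one string."""
    entries = []
    for line in text.replace("\x00", "").replace("^@", "").splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line  # no separator: a token split by wrapping is restored
    return entries

def parse_ad_errors(text):
    """Return one dict per entry that carries an AD extended LDAP error."""
    found = []
    for entry in log_entries(text):
        m = AD_ERROR.search(entry)
        if m:
            rec = m.groupdict()
            rec["ldap_code"] = int(rec["ldap_code"])
            rec["win32_code"] = int(rec.pop("win32_hex"), 16)  # hex Windows error code
            rec["timestamp"] = ",".join(entry.split(",", 3)[1:3])
            found.append(rec)
    return found

def summarize(text):
    """Count failures by (LDAP code, AD problem name, DSID) to spot one recurring denial."""
    return Counter((r["ldap_code"], r["name"], r["dsid"]) for r in parse_ad_errors(text))

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).items():
        print(count, key)
```
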

OIM 9.0.3.1
AD_Base 9.0.0

Changes

None.

Cause



This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.