My Oracle Support Banner

OIM cannot Add Users to AD Groups, though it can Create/Modify Users in AD (Doc ID 1469709.1)

Last updated on JULY 21, 2020

Applies to:

Identity Manager Connector - Version to [Release 10gR2]
Information in this document applies to any platform.
**Checked for Relevance on 02-Dec-2013**


The OIM-AD connector cannot add users to groups that it was able to add users to yesterday.
It is not the OIM Admin user, since it can log onto a DC server in the domain that the group belongs to and service the account.
- Was able to add a user to the group.

OIM is unable to add the any user to any group.

The error message in the OIM logs is:
ERROR,20 Jun 2012 13:25:29,156,[XL_INTG.ACTIVEDIRECTORY],Problem modifying object: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHT
S), data 0
^@]; remaining name ''

The OIM-AD connector is still able to create users, modify their CNs, etc.

AD_Base 9.0.0




To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.