OIM cannot Add Users to AD Groups, though it can Create/Modify Users in AD
(Doc ID 1469709.1)
Last updated on MARCH 08, 2017
Applies to:Identity Manager Connector - Version 18.104.22.168.0 and later
Information in this document applies to any platform.
**Checked for Relevance on 02-Dec-2013**
The OIM-AD connector cannot add users to groups that it was able to add users to yesterday.
It is not the OIM Admin user, since it can log onto a DC server in the domain that the group belongs to and service the account.
- Was able to add a user to the group.
OIM is unable to add the any user to any group.
The error message in the OIM logs is:
ERROR,20 Jun 2012 13:25:29,156,[XL_INTG.ACTIVEDIRECTORY],Problem modifying object: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHT
S), data 0
^@]; remaining name ''
The OIM-AD connector is still able to create users, modify their CNs, etc.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.|