OIM cannot Add Users to AD Groups, though it can Create/Modify Users in AD
Last updated on MARCH 08, 2017
Applies to:Identity Manager Connector - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
**Checked for Relevance on 02-Dec-2013**
The OIM-AD connector cannot add users to groups that it was able to add users to yesterday.
It is not the OIM Admin user, since it can log onto a DC server in the domain that the group belongs to and service the account.
- Was able to add a user to the group.
OIM is unable to add the any user to any group.
The error message in the OIM logs is:
ERROR,20 Jun 2012 13:25:29,156,[XL_INTG.ACTIVEDIRECTORY],Problem modifying object: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A48, problem 4003 (INSUFF_ACCESS_RIGHT
S), data 0
^@]; remaining name ''
The OIM-AD connector is still able to create users, modify their CNs, etc.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms