OIM AD Connector Create User Fails With: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) (Doc ID 2727133.1)

Last updated on NOVEMBER 04, 2021

Applies to:

Symptoms

Configured Active Directory User Management connector.

The service account used in the IT Resource was not added to "Account Operations" group, but was granted rights to create, update and disable users.

This is working when connecting directly to AD, but from the connector the Create User operation is failing with Access Denied:

<Oct 15, 2020 4:41:29,202 PM PKT> <Error> <ORACLE.IAM.CONNECTORS.ICFCOMMON.PROV.ICPROVISIONINGMANAGER> <BEA-000000> <oracle.iam.connectors.icfcommon.prov.ICProvisioningManager : createObject : Error while creating user
java.lang.RuntimeException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:283)
at org.identityconnectors.framework.impl.serializer.CommonObjectHandlers$15.createException(CommonObjectHandlers.java:280)
....................................
at org.identityconnectors.framework.impl.api.remote.RemoteFrameworkConnection.readObject(RemoteFrameworkConnection.java:153)
at org.identityconnectors.framework.impl.api.remote.RemoteOperationInvocationHandler.invoke(RemoteOperationInvocationHandler.java:101)
at com.sun.proxy.$Proxy626.create(Unknown Source)
....................................
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCCREATEOBJECT.CREATEOBJECT(adpADIDCCREATEOBJECT.java:109)
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADIDCCREATEOBJECT.implementation(adpADIDCCREATEOBJECT.java:54)

Note that from the connector, all other operations (search, modify) are successful, only create fails.

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.