We have two AD endpoints defined in the system, e.g. AD1 and AD2, each connecting to a different AD domain.
The requirement is that attributes from the global user are pushed to the user's respective account in both ADs.
The attributes are pushed successfully to the AD1 endpoint but fail to sync to the AD2 endpoint.
The following failure message is returned:
ETA_E_0083, Account for Global User '<username>' on Active Directory Endpoint '<AD2 hostname>' update failed: Connector Server Modify failed: code 16 (NO_SUCH_ATTRIBUTE): failed to modify entry
eTADSAccountName=<account name>,eTADSOrgUnitName=<OU1>,eTADSOrgUnitName=<OU2>,eTADSDirectoryName=<AD2 hostname>,eTNamespaceName=ActiveDirectory,dc=<DC1 hostname>,
dc=etasa: JCS@<JCS hostname>: JNDI: [LDAP: error code 16 - No Such Attribute]:
All Identity Manager
The eta transaction log shows that, during the user account creation process, extended attributes are included in the eTADSpayload because they are set in the templates in use for the AD2 endpoint.
E.g.:
extensionAttribute5:01:0007=%UCU05%;o:01:0007=%UCU04%;preferredLanguage:01:0007=%UCU03%;
Those extensionAttributeN attributes are not defined in the <AD2 hostname> endpoint schema (whereas they are defined on the other target, <AD1 hostname>).
Removed the extended attributes from the custom fields in the templates used for AD2, since that endpoint does not manage them.
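The check described above can be scripted before a template is assigned to an endpoint. The following is an added example, not code from Identity Manager: it parses a payload string of the shape quoted from the log and reports attributes missing from an endpoint's schema. The schema attribute sets are constructed for illustration, and the two colon-separated fields after each attribute name are treated as opaque.

```python
import re

# Entry shape as seen in the log excerpt: <attribute>:<field>:<field>=<value>;
# The two fields after the attribute name are treated as opaque (assumption).
ENTRY_RE = re.compile(
    r"^(?P<attr>[A-Za-z][A-Za-z0-9-]*):[^:=]*:[^:=]*=(?P<value>.*)$"
)


def parse_payload(payload):
    """Split a payload string into (attribute, value) pairs.

    Entries that do not match the expected shape are returned separately
    so they can be reviewed rather than silently dropped.
    """
    parsed, malformed = [], []
    for raw in payload.split(";"):
        entry = raw.strip()
        if not entry:
            continue  # trailing ';' produces an empty entry
        m = ENTRY_RE.match(entry)
        if m:
            parsed.append((m.group("attr"), m.group("value")))
        else:
            malformed.append(entry)
    return parsed, malformed


def undefined_attributes(payload, schema_attrs):
    """Return payload attributes that are absent from the endpoint schema."""
    # LDAP attribute names compare case-insensitively.
    known = {a.lower() for a in schema_attrs}
    parsed, _malformed = parse_payload(payload)
    missing = []
    for attr, _value in parsed:
        if attr.lower() not in known and attr not in missing:
            missing.append(attr)
    return missing


# Payload copied from the log excerpt in this article.
PAYLOAD = "extensionAttribute5:01:0007=%UCU05%;o:01:0007=%UCU04%;preferredLanguage:01:0007=%UCU03%;"

# Constructed schema attribute sets (hypothetical stand-ins for each endpoint's schema).
AD1_SCHEMA = {"o", "preferredLanguage", "extensionAttribute5"}
AD2_SCHEMA = {"o", "preferredLanguage"}

if __name__ == "__main__":
    for name, schema in (("AD1", AD1_SCHEMA), ("AD2", AD2_SCHEMA)):
        print(name, "undefined:", undefined_attributes(PAYLOAD, schema))
```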