User Password is not updating from Endpoint to Provisioning store

book

Article ID: 129689

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal

Issue/Introduction

The CA Identity Management (IM) password sync agent is installed on a Windows Domain Controller (DC) but changes not getting propagated at the provisioning server even though the changed password data gets reflected in sync_agent log file.

The eta_pwdsync.log file has the following error

20190301.14:08:57. TID=006c. ! Warning: eTrust Admin user account 'AS139' has not been found. LDAP error: No such object. 
Administrator DN: 'eTGlobalUserName=pwdsync,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta'. 
Search from DN: 'eTADSDirectoryName=AD_EXCHANGE_ENDPOINT,eTNamespaceName=ActiveDirectory,dc=im,dc=eta'. 
Scope: 'LDAP_SCOPE_SUBTREE'. 
Filter: '(&(eTADSsAMAccountName=AS139)(objectClass=eTADSAccount))'. 
Attribute: 'objectClass'. 
Attr. only: 'false'. 
Timeout: '20'. 


 

Cause

This can be seen when there is a flag on the AD Account (ie account locked or password expired).

Environment

CA Identity Manager 14.x
CA Identity Suite 14.x

Resolution

If this issue is encountered again please check the Active Directory (AD) account status.