User Password is not updating from Endpoint to Provisioning store
book
Article ID: 129689
calendar_today
Updated On:
Products
CA Identity ManagerCA Identity GovernanceCA Identity Portal
Issue/Introduction
The CA Identity Management (IM) password sync agent is installed on a Windows Domain Controller (DC) but changes not getting propagated at the provisioning server even though the changed password data gets reflected in sync_agent log file.
The eta_pwdsync.log file has the following error
20190301.14:08:57. TID=006c. ! Warning: eTrust Admin user account 'AS139' has not been found. LDAP error: No such object. Administrator DN: 'eTGlobalUserName=pwdsync,eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=eta'. Search from DN: 'eTADSDirectoryName=AD_EXCHANGE_ENDPOINT,eTNamespaceName=ActiveDirectory,dc=im,dc=eta'. Scope: 'LDAP_SCOPE_SUBTREE'. Filter: '(&(eTADSsAMAccountName=AS139)(objectClass=eTADSAccount))'. Attribute: 'objectClass'. Attr. only: 'false'. Timeout: '20'.
Cause
This can be seen when there is a flag on the AD Account (ie account locked or password expired).
Environment
CA Identity Manager 14.x CA Identity Suite 14.x
Resolution
If this issue is encountered again please check the Active Directory (AD) account status.