Password reset made in IDM not syncing with AD


Article ID: 143168


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Identity Suite

Issue/Introduction

Account modifications made in IDM (password resets, phone number, location, etc.) are not synced to Active Directory. When the task is submitted, its status shows as failed. Drilling down into the task, the event that fails is "Synchronize user attributes with accounts". Here is a sample of the error message:
 
LDAP:error code 70 Global user 'xxxxx' updated successfully. Associated accounts update failed (accounts update:0, unchanged:0, failures: 1) 
 
 

Cause

This is due to insufficient privileges for the credential that is used to connect to AD.

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

Configure the AD credential with the proper permissions, and then restart the Provisioning and Connector servers.
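
One way to confirm the cause before changing anything, as an added example (not part of the original article or the product's tooling): list the ACEs on an affected user object that apply to the AD bind account, directly or through its groups. The account name and user DN are hypothetical placeholders. Reading "proper permission" as the Reset Password right plus write access to the synced attributes is an assumption, since the article does not list the exact rights.

```powershell
# Added example: audit what the connector's AD bind account may do on one user object.
Import-Module ActiveDirectory   # RSAT ActiveDirectory module, provides the AD: drive

$BindAccount = 'svc-idm-connector'                        # hypothetical account name
$TargetDN    = 'CN=Test User,OU=Staff,DC=example,DC=com'  # hypothetical affected user

# rightsGuid of the "Reset Password" (User-Force-Change-Password) control access right
$ResetPwd = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$Rights   = [System.DirectoryServices.ActiveDirectoryRights]

# Collect the account's SID plus every group SID in its token (nested groups included).
# tokenGroups is a constructed attribute, so it is read with a base-scope search.
$svc  = Get-ADUser -Identity $BindAccount
$tok  = Get-ADUser -SearchBase $svc.DistinguishedName -SearchScope Base -Filter * -Properties tokenGroups
$sids = @($svc.SID.Value) + @($tok.tokenGroups | ForEach-Object { $_.Value })

# Keep only ACEs that name one of those SIDs and actually apply to this object.
$aces = (Get-Acl -Path "AD:\$TargetDN").Access | Where-Object {
    $inheritOnly = $_.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly
    try   { $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $sid = $null }   # identity could not be resolved: skip this ACE
    (-not $inheritOnly) -and ($sids -contains $sid)
}

$report = foreach ($ace in $aces) {
    $r = $ace.ActiveDirectoryRights
    $covers = @()
    # An empty ObjectType GUID means "all extended rights" / "all properties".
    if (($r -band $Rights::ExtendedRight) -and ($ace.ObjectType -in $ResetPwd, [guid]::Empty)) {
        $covers += 'ResetPassword'
    }
    if ($r -band $Rights::WriteProperty) {
        $covers += $(if ($ace.ObjectType -eq [guid]::Empty) { 'WriteAllProperties' }
                     else { "WriteProperty:$($ace.ObjectType)" })
    }
    if ($covers) {
        [pscustomobject]@{
            Type = $ace.AccessControlType; Identity = $ace.IdentityReference
            Covers = $covers -join ','; Inherited = $ace.IsInherited
        }
    }
}

if (-not $report) { Write-Warning "No applicable ACE gives $BindAccount reset-password or write rights on $TargetDN" }
$report | Sort-Object Type -Descending | Format-Table -AutoSize   # Deny entries are listed first
```

An empty report, or a Deny row covering ResetPassword, matches the failure described above. Rights granted only to well-known principals such as Authenticated Users are not included, because tokenGroups does not list them.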