This is happening since RACFv2 is creating an account in RACF with default Group and/or Connect Group, it runs a listuser command to RACF via CA LDAP Server for each existing user in the group that user will be created.
If RACF taking time to do listuser command for each user of group this will be the time spent before ADDUSR command in RACF.
Release : 14.3 GA / CP1
Component : IdentityMinder(Identity Manager)
The behavior is fixed in 14.3 CP2 and 14.4 GA
For older releases use the following steps:
1. Open Connector Xpress and connect to provisioning Server.
2. Expand the "Endpoint Types" then right click on the "RACF v2" then select "Create Project".
3. ConXp does not display all properties by default. You need to enable "Show extended metadata" from Tools / Preferences menu options.
4. Expand attributes of "User Account" then select "Default Group".
5. Uncheck the "DNtestExists" check box under "Extended Properties".
6. Expand under "Classes" the "Account to Group Association"
7. Expand "Attributes"
8. Expand "Group Name"
9. Uncheck the "DNtestExists" check box under "Extended Properties"
10. Expand under "Classes" the "Group to Account Association"
11. Expand "Attributes"
12. Expand "Group User Name"
13. Uncheck the "DNtestExists" check box under "Extended Properties"
14. Right click on "RACF v2" then select "Deploy metadata" - make sure to increase the version in next window.
15. Restart Provisioning Server as well as JCS for these changes to become effective.
Open a new Provisioning Manager window and try to create a RACFv2 account with one default group.
You should notice the creation is no longer taking several minutes for the account to be created.