Error: "Active Directory read failed: ADS Directory Add: Can't get object category attribute" - Active Directory can't be opened

Article ID: 216856

Updated On:

Products

CA Identity Manager

Issue/Introduction

This was working fine for a while and then stopped without any change in the environment.

The Active Directory endpoint can't be opened and provisioning fails with the following error.

Provisioning Manager shows the error "Active Directory read failed: ADS Directory Add: Can't get object category attribute" when trying to view the properties of any Active Directory account.

Environment

Release : 14.3 CP2 Vaap

Component : IdentityMinder(Identity Manager)

Cause

The error "eTErrorMsg: :ETA_E_0020<RAC>, Active Dir. Account '<AccountName>' on 'Active Directory read failed: ADS Directory Add: Can't get object category attribute" occurs because the eTADSObjectCategory value is missing. The value is absent from the child search result set; it has somehow disappeared from the IMPD.
Another mandatory attribute, "eTADS-DefaultContext", is missing as well.

For some reason the data for the attributes eTADSObjectCategory and eTADS-DefaultContext on the ActiveDirectory endpoint was corrupted.

Resolution

There were 3 AD endpoints acquired for the Active Directory endpoint type. In one of these Active Directory endpoints, two attributes were missing in the IMPD (port 20394).

For some reason the data was corrupted. After the data was put back into eTADSObjectCategory and eTADS-DefaultContext, the ActiveDirectory endpoint started to work fine, as did all the other endpoints.

If you have multiple AD endpoints, check all of them. This caused problems for all ADS endpoints even though the data was corrupted in only one of the endpoints.
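
One way to run that check across every endpoint offline, as an added example that is not part of the original article or the product's tooling: the Python below parses an LDIF export of the endpoint entries and reports each entry where eTADSObjectCategory or eTADS-DefaultContext is absent or empty. The DNs and values in the sample are constructed placeholders, and the function names are hypothetical.

```python
import base64

# The two mandatory attributes this article names.
REQUIRED = ("eTADSObjectCategory", "eTADS-DefaultContext")

# Constructed sample export: placeholder DNs and values, not real IMPD data.
SAMPLE_LDIF = """\
dn: cn=AD-ONE,ou=constructed,dc=example
eTADSObjectCategory: constructed-category
 -value
eTADS-DefaultContext: constructed-context

dn: cn=AD-TWO,ou=constructed,dc=example
description: both attributes gone

dn: cn=AD-THREE,ou=constructed,dc=example
etadsobjectcategory:: c2FtcGxl
eTADS-DefaultContext:
"""

def parse_ldif(text):
    """Return {dn: {lowercased attribute name: [values]}} from LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line continues the previous one
        elif not raw.startswith("#"):     # skip LDIF comments
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:                       # blank or malformed line ends the entry
            current = None
            continue
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:         # attribute names are case-insensitive
            current.setdefault(name.lower(), []).append(value)
    return entries

def missing_required(entries, required=REQUIRED):
    """Map each DN to the required attributes that are absent or empty."""
    gaps = {dn: [a for a in required if not any(attrs.get(a.lower(), []))]
            for dn, attrs in entries.items()}
    return {dn: missing for dn, missing in gaps.items() if missing}
```

Feed `parse_ldif` the text of an export covering all acquired AD endpoints; any DN returned by `missing_required` is an endpoint entry whose attributes need to be restored.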