Failed to enable password change permission on the 'XXXX' object in AD error during Computer UNAB registration

book

Article ID: 227083

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Starting UNAB version v14.10.0.1707, every time a new server is registered with UNAB, the following message is displayed

Failed to enable password change permission on the 'XXXXXX' object in AD.

Despite the error however, UNAB still  works correctly

 

 

 

 

Cause

In the latest UNAB versions,  uxconsole always attempts to enable password change permission for the computer object during registration.  This is a modification of the UNAB logic based on some use cases where computer objects were required to be able to change their passwords in Active Directory (AD).

Environment

UNAB version v14.10.0.1707 and later

Resolution

This error is harmless and can be ignored unless it is required in your environment that the computer objects are able to change/reset their passwords in AD