PAM-CM-0789: The password change process was not specified for AD Connector CLI
search cancel

PAM-CM-0789: The password change process was not specified for AD Connector CLI

book

Article ID: 233043

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When running the following updateTargetAccount cli -> with all the correct Active Directory connector parameters:

capam_command capam=<pam server> adminUserId=super adminPassword=<super password> cmdName=updateTargetAccount TargetAccount.ID=<Target Account ID> TargetServer.hostName=<Target Hostname> TargetApplication.name=<Target Application> [email protected] TargetAccount.privileged=true Attribute.userDN=CN=testuser,CN=Users,DC=COMPANY,DC=COM TargetAccount.synchronize=false TargetAccount.extensionType=windowsDomainServFice Attribute.useOtherAccountToChangePassword=false TargetAccount.password=<New Password>

we get the following error:

PAM-CM-0789: The password change process was not specified.  The value assigned to the useOtherAccountToChangePassword attribute must be true or false.

In the above command we have -> Attribute.useOtherAccountToChangePassword=false

Environment

Release : 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

The attribute Attribute.userDN has equal signs (=) therefore it is not be evaluated correctly without double quotes.

Resolution

To resolve this you need to put double quotes around the value:

Attribute.userDN=CN=testuser,CN=Users,DC=COMPANY,DC=COM

example:

Attribute.userDN="CN=testuser,CN=Users,DC=COMPANY,DC=COM"

The reason is because it has equal signs in it, which is not being evaluated correctly, when not in double quotes.

Additional Information

Attribute.otherAccount=1055

Powered by Wolken Software