When trying to provision an Exchange account, the following error is thrown:
An Active Directory error 0x52 occurred when trying to check the suitability of server '10.10.100.10'. Error: 'Active directory response: A local error occurred.']: failed to add eTADSAccountName=TestUserName,eTADSOrgUnitName=OUName,eTADSOrgUnitName=OUName,eTADSOrgUnitName=OUName,eTADSDirectoryName=TestAD,eTNamespaceName=ActiveDirectory,dc=im,dc=etasa
Release : 14.4
Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)
Component : CA IDENTITY MANAGER (IDENTITY MANAGER)
The issue is caused by the endpoint's server settings being configured with an IP address. Microsoft recommends using the FQDN.
The eTADSprimaryServer and eTADSServerName attributes both need to be updated to use an FQDN. Follow the KB below to update these attributes:
How to change the ADS Endpoints hostname and/or clear the failover list of DCs when a DC is decommissioned
This can also be done by opening JXplorer, connecting to the provisioning directory router on port 20391, and navigating to:
Review the eTADSprimaryServer and eTADSServerName attributes and update both to use the FQDN. Cycle the IMPS and then update the password through Provisioning Manager. The password does not need to be changed, but it must be re-entered.
FQDN Requirement as stated by Microsoft:
Error 52 normally means that the destination cannot be reached, so it is best to attempt the connection from an external source; in this case, PowerShell was used.
Use PowerShell on the Connector server machine to test the command being submitted. For example, the original command sent in this KB was:
Enable-Mailbox -DomainController 10.10.100.10 -Identity 'User DN String' -Alias 'UserAlias'
and this displayed the same error message that IDM/IMPS displayed.
The corrected command, with the IP address replaced by the FQDN:
Enable-Mailbox -DomainController FQDN -Identity 'User DN String' -Alias 'UserAlias'
With this change the mailbox was created successfully.
To find this command within your logs:
Set the ADS_AGENTLESS_LOGLEVEL environment variable on the CCS to level 2.
Cycle the connector server.
Reproduce the issue.
Navigate to CCS/logs/ADS/EndpointName.log.
Search for 'Enable-Mailbox'.
This displays the actual command being sent to Exchange. The '-DomainController' parameter is not part of the command in the logs, as it is appended by the product; it must be added as shown in the examples above.
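The two checks above (is the endpoint server value an IP literal, and what test command should be run from the log entry) as an added PowerShell example that is not part of this KB or the product; the log lines, the dc01.example.test placeholder and the function names are constructed for illustration:

```powershell
# Added example (not from the KB): flag an eTADSprimaryServer/eTADSServerName
# value that is an IP literal, resolve it to an FQDN, and build the PowerShell
# test command from a CCS log line with -DomainController appended.

function Get-FqdnForServerValue {
    param([Parameter(Mandatory)][string]$ServerValue)
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($ServerValue, [ref]$ip)) {
        # IP literal: the misconfiguration this KB describes (error 0x52)
        try {
            $fqdn = [System.Net.Dns]::GetHostEntry($ip).HostName
        } catch {
            $fqdn = $null   # reverse lookup failed; supply the FQDN by hand
        }
        return [pscustomobject]@{ Value = $ServerValue; IsIpLiteral = $true; Fqdn = $fqdn }
    }
    return [pscustomobject]@{ Value = $ServerValue; IsIpLiteral = $false; Fqdn = $ServerValue }
}

function Get-EnableMailboxTestCommand {
    param(
        [Parameter(Mandatory)][string[]]$LogLines,
        [Parameter(Mandatory)][string]$DomainControllerFqdn
    )
    foreach ($line in $LogLines) {
        # The log holds the command without -DomainController (the product appends it),
        # so add it here; -WhatIf keeps the test from creating a mailbox.
        if ($line -match '(Enable-Mailbox\s+.*)$') {
            "$($Matches[1]) -DomainController $DomainControllerFqdn -WhatIf"
        }
    }
}

# Constructed sample of CCS/logs/ADS/EndpointName.log lines at log level 2
$sampleLog = @(
    '2024-01-01 10:00:00 [INFO]  Connecting to endpoint TestAD',
    "2024-01-01 10:00:01 [DEBUG] Enable-Mailbox -Identity 'CN=Test User,OU=OUName,DC=example,DC=test' -Alias 'TestUser'"
)

$check = Get-FqdnForServerValue -ServerValue '10.10.100.10'   # value from the KB's error text
if ($check.IsIpLiteral) {
    Write-Warning "Endpoint server value is an IP literal; use an FQDN (resolved: $($check.Fqdn))"
}
$dc = if ($check.Fqdn) { $check.Fqdn } else { 'dc01.example.test' }  # placeholder FQDN
Get-EnableMailboxTestCommand -LogLines $sampleLog -DomainControllerFqdn $dc
```

Run the printed command in an Exchange Management Shell on the Connector server; remove -WhatIf only once it no longer reports error 0x52.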