search cancel

Office365 creation failed - user principal name is not configured to manage.

book

Article ID: 253063

calendar_today

Updated On:

Products

CA Identity Manager

Issue/Introduction

When assigning a Provisioning Role that contains the Office 365 licensing assignment, an error occurs and does not assign the profile to the user.


ERROR  - A remote server returned an error: org.apache.directory.shared.ldap.exception.LdapNamingException: [email protected]: JNDI: Unable to create user [[email protected]] because the domain provided in user principal name is not configured to manage. [Root exception is javax.naming.NamingException: Unable to create user [[email protected]] because the domain provided in user principal name is not configured to manage.]

Environment

Identity Manager 14.4

Cause

The Domains, from the Office 365 endpoints were not all selected.

For example, for the image below, select all Domains

Resolution

From the Office 365 endpoint, Domains tab, select All Managed Domains and save

Additional Information

In case All domains are already selected, check the following:


- From Office 365 UI, check if all domains are managed and NOT Federated. We do not manage Federated Domains
- Run the command "get-msoldomain | select name, status, authentication | fl" from the Java Connector Server machine to check if the Office 365 domains are managed

 

If the problem still persists, collect the Java Connector Server in Debug mode as described below, raise a new case and upload the JCS logs to the case.

1. Go the the folder
X:\...\CA\Identity Manager\Connector Server\etc
2. Rename the file org.ops4j.pax.logging.cfg TO org.ops4j.pax.logging.cfg.orig
3. Rename the file org.ops4j.pax.logging.cfg.verbose TO org.ops4j.pax.logging.cfg
4. Restart the Connector Server (Java)
5. Reproduce the issue and collect the Java Connector Server logs

- X:\...\CA\Identity Manager\Connector Server\jcs\logs
- Zip the folder X:\...\CA\Identity Manager\Connector Server\jcs\logs\<YourDynEndpointName>