Symptoms:

• Active Directory integration shows the following error when clicking on Integration tab, the same error is visible in the provisioning service logfile located under /var/log/services-logs/prelude/provisioning-service-app/file-logs/provisioning-service-app.log:

"403 FORBIDDEN "Cannot delete as there are resources associated with the project." Error id: <id>".
 

• Attempts to delete the integration fail with:

• Projects leveraging the AD integration have either been deleted or the change project action has been run on resources associated with the AD integration.

VMware Aria Automation 8.x

Users that either delete a project or use the Change project action with an active directory integration attached to the project will encounter this issue.

This is because Active Directory does not listen to events that happen from Project Service. So events such as deletion of a project and the changing of resources from one project to another in regards to the active directory are not propagated on the active directory side. They only take place on the project side; thus, we end up in an inconsistent state where the database in active directory does not reflect the changes made to the projects.

A resolution is planned for the Aria Automation 8.17 release. The fix will take the form of an Api which can be leveraged to correct the inconsistencies preventing the deletion of the Active Directory integration.

Workaround:
If the issue is production impacting and time sensitive then raise a support request referencing this KB article and it will be investigated if a manual cleanup can be performed.