problem 4003 (INSUFF_ACCESS_RIGHTS) error when deleting Active Directory objects
search cancel

problem 4003 (INSUFF_ACCESS_RIGHTS) error when deleting Active Directory objects

book

Article ID: 326165

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Out of the box VMware Aria Automation Orchestrator (formerly vRealize Orchestrator) content fails to delete Active Directory objects when using the Active Directory plug-in for Automation Orchestrator.
Example: destroyElementRecursive action or Destroy a computer workflow fails with an error similar to:
ERROR(com.vmware.library.microsoft.activeDirectory/destroyElementRecursive) Error in (Dynamic Script Module name : destroyElementRecursive#1) Error when destroying an element: 00000005: SecErr: DSID-03152CA5, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0


Environment

VMware vRealize Orchestrator 8.x
VMware Aria Automation 8.x
VMware Aria Automation Orchestrator 8.x
VMware vRealize Automation 8.x

Cause

The issue can occur when the account executing the Aria Automation Orchestrator content is missing the required permissions in Microsoft Active Directory.

Resolution

Validate that the user account has the required permissions to delete Active Directory objects.

Where subtrees exist for the objects being removed its necessary to grant the user the Delete Subtree permissions.