problem 4003 (INSUFF_ACCESS_RIGHTS) error when deleting Active Directory objects
Article ID: 326165
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- Out of the box VMware Aria Automation Orchestrator (formerly vRealize Orchestrator) content fails to delete Active Directory objects when using the Active Directory plug-in for Automation Orchestrator.
Example: destroyElementRecursive action or Destroy a computer workflow fails with an error similar to:
ERROR(com.vmware.library.microsoft.activeDirectory/destroyElementRecursive) Error in (Dynamic Script Module name : destroyElementRecursive#1) Error when destroying an element: 00000005: SecErr: DSID-03152CA5, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Environment
VMware vRealize Orchestrator 8.x
VMware Aria Automation 8.x
VMware Aria Automation Orchestrator 8.x
VMware vRealize Automation 8.x
VMware Aria Automation 8.x
VMware Aria Automation Orchestrator 8.x
VMware vRealize Automation 8.x
Cause
The issue can occur when the account executing the Aria Automation Orchestrator content is missing the required permissions in Microsoft Active Directory.
Resolution
Validate that the user account has the required permissions to delete Active Directory objects.
Where subtrees exist for the objects being removed its necessary to grant the user the Delete Subtree permissions.
Feedback
Yes
No
Powered by
