problem 4003 (INSUFF_ACCESS_RIGHTS) error when deleting Active Directory objects
book
Article ID: 326165
calendar_today
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
Out of the box VMware Aria Automation Orchestrator (formerly vRealize Orchestrator) content fails to delete Active Directory objects when using the Active Directory plug-in for Automation Orchestrator.
Example: destroyElementRecursive action or Destroy a computer workflow fails with an error similar to:
ERROR(com.vmware.library.microsoft.activeDirectory/destroyElementRecursive) Error in (Dynamic Script Module name : destroyElementRecursive#1) Error when destroying an element: 00000005: SecErr: DSID-03152CA5, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
The issue can occur when the account executing the Aria Automation Orchestrator content is missing the required permissions in Microsoft Active Directory.
Resolution
Validate that the user account has the required permissions to delete Active Directory objects.
Where subtrees exist for the objects being removed its necessary to grant the user the Delete Subtree permissions.