Active Directory accounts fail to sync with INVALID EMAIL ADDRESS error in Identity Manager

book

Article ID: 36159

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Issue: 

When attempting to synchronize active directory accounts and their global users, the following error occurs: 

ACCOUNT FOR GLOBAL USER 'USER' ON ACTIVE DIRECTORY ENDPOINT 'ACTIVE DIRECTORY' UPDATE FAILED: CONNECTOR SERVER MODIFY FAILED: INVALID EMAIL ADDRESS: FIRSTNAME'[email protected] (LDAPS://SERVER:PORT#)

 

Environment: 

Any environment with an Active Directory endpoint.

 

Cause: 

The reason this error occurs is that the account template's Proxyaddress field is mapped in such a way that special characters exist in the proxy email address. This error is coming from Active Directory as AD does not allow any special characters in this field. For example, proxyaddress is mapped to user full name, and the full name contains an apostrophe.  

 

Resolution:

Remove any special characters from the proxyaddress field. 

Environment

Release:
Component: IDMGR