Active Directory accounts fail to sync with INVALID EMAIL ADDRESS error in Identity Manager
search cancel

Active Directory accounts fail to sync with INVALID EMAIL ADDRESS error in Identity Manager

book

Article ID: 36159

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

When attempting to synchronize active directory accounts and their global users, the following error occurs: 

ACCOUNT FOR GLOBAL USER 'USER' ON ACTIVE DIRECTORY ENDPOINT 'ACTIVE DIRECTORY' UPDATE FAILED: CONNECTOR SERVER MODIFY FAILED: INVALID EMAIL ADDRESS: FIRSTNAME'[email protected] (LDAPS://SERVER:PORT#)

Environment

Release:
Component: IDMGR

Cause

The reason this error occurs is that the account template's Proxyaddress field is mapped in such a way that special characters exist in the proxy email address. This error is coming from Active Directory as AD does not allow any special characters in this field. For example, proxyaddress is mapped to user full name, and the full name contains an apostrophe.  

Resolution

Remove any special characters from the proxy address field.