AD Integration fails to remove child objects when deployments are deleted


Article ID: 375992


Products

VMware Aria Suite

Issue/Introduction

Symptoms:

  • Deployments that were deleted still have computer objects created through AD Integration.
  • The AD integration action run produces the following logs:

          [INFO] - [ad-integration] Deleting the machine with name: CN=msmq,CN=CloudVM001,OU=GSS,OU=Computer Accounts,OU=LAB,DC=vmlabs,DC=local

          [INFO] - [ad-integration] Deleting the machine with name: CN=CloudVM001,OU=GSS,OU=Computer Accounts,OU=LAB,DC=vmlabs,DC=local

          [INFO] - [ad-integration] Response from ad operation: {'result': 66, 'description': 'notAllowedOnNonLeaf', 'dn': '', 'message': '00002015: UpdErr: DSID-031A123C, problem 6003 (CANT_ON_NON_LEAF), data 0nu0000', 'referrals': None, 'type': 'delResponse'}

         Note: The child object ‘msmq’ corresponds to the Microsoft Message Queuing feature enabled on the client machine. The child object name may vary based on the enabled feature.

Environment

VMware Aria Automation 8.x

Cause

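The issue occurs when the service account used in AD Integration lacks permission to delete child objects. Because the child object (for example, msmq) is not removed, Active Directory rejects the delete of the parent computer object with notAllowedOnNonLeaf, and the computer object remains.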

Resolution

Grant the “Delete all child objects” permission to the service account used by AD Integration for the OU containing the Computer Objects.
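
To list which computer objects were left behind, and which child objects blocked them, the action run logs can be scanned for deletes rejected with result 66. The following Python script is an added example, not VMware's code; it assumes the log line format shown in the Symptoms section, and the function name and the CloudVM002 sample lines are constructed for illustration.

```python
import ast
import re

# Constructed sample in the format of the log lines shown in this article;
# the CloudVM002 lines (a successful delete) are invented for contrast.
SAMPLE_LOG = """\
[INFO] - [ad-integration] Deleting the machine with name: CN=msmq,CN=CloudVM001,OU=GSS,OU=Computer Accounts,OU=LAB,DC=vmlabs,DC=local
[INFO] - [ad-integration] Deleting the machine with name: CN=CloudVM001,OU=GSS,OU=Computer Accounts,OU=LAB,DC=vmlabs,DC=local
[INFO] - [ad-integration] Response from ad operation: {'result': 66, 'description': 'notAllowedOnNonLeaf', 'dn': '', 'message': '00002015: UpdErr: DSID-031A123C, problem 6003 (CANT_ON_NON_LEAF), data 0nu0000', 'referrals': None, 'type': 'delResponse'}
[INFO] - [ad-integration] Deleting the machine with name: CN=CloudVM002,OU=GSS,OU=Computer Accounts,OU=LAB,DC=vmlabs,DC=local
[INFO] - [ad-integration] Response from ad operation: {'result': 0, 'description': 'success', 'dn': '', 'message': '', 'referrals': None, 'type': 'delResponse'}
"""

DELETE_RE = re.compile(r"\[ad-integration\] Deleting the machine with name: (.+)$")
RESPONSE_RE = re.compile(r"\[ad-integration\] Response from ad operation: (\{.*\})\s*$")
NOT_ALLOWED_ON_NON_LEAF = 66  # LDAP result code from the article's log


def find_orphaned_objects(log_text):
    """Return [{'dn': ..., 'children': [...]}] for deletes rejected with result 66."""
    attempted = []   # every DN the action tried to delete, in log order
    awaiting = None  # most recent delete attempt that has no response yet
    orphaned = []
    for line in log_text.splitlines():
        m = DELETE_RE.search(line)
        if m:
            awaiting = m.group(1).strip()
            attempted.append(awaiting)
            continue
        m = RESPONSE_RE.search(line)
        if not m or awaiting is None:
            continue
        target, awaiting = awaiting, None
        try:
            resp = ast.literal_eval(m.group(1))  # response is logged as a Python dict
        except (ValueError, SyntaxError):
            continue  # truncated or malformed response line
        if isinstance(resp, dict) and resp.get("result") == NOT_ALLOWED_ON_NON_LEAF:
            suffix = "," + target.lower()
            children = [dn for dn in attempted if dn.lower().endswith(suffix)]
            orphaned.append({"dn": target, "children": children})
    return orphaned


if __name__ == "__main__":
    for item in find_orphaned_objects(SAMPLE_LOG):
        print("Left in AD:", item["dn"])
        for child in item["children"]:
            print("  blocking child:", child)
```

Running it again on logs collected after the permission is granted should return an empty list for newly deleted deployments.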