ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Error while creating Users in Identity Manager using "Create From Copy option" with Active Directory as the user store.

book

Article ID: 41667

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Risk Analytics CA Secure Cloud SaaS - Arcot A-OK (WebFort) CLOUDMINDER ADVANCED AUTHENTICATION CA Secure Cloud SaaS - Advanced Authentication CA Secure Cloud SaaS - Identity Management CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Question:

When creating a user using “Create a copy of a user” functionality, why does the task fail with the below error message?

[LDAP: error code 53 - 0000209A: SvcErr: DSID-031A0F94, problem 5003 (WILL_NOT_PERFORM), data 0

Answer:

This problem may occur when you try to copy user data that cannot be written to Active Directory during the user creation. Data that cannot be written to Active Directory will originally exist when you try to create the user using copy option.

Additional Information:

According to the below link on Microsoft's:

https://support.microsoft.com/en-us/kb/276382

Following 'User fields that cannot be imported' are protected system fields and cannot be modified through an LDIFDE import:

badPasswordTime

badPwdCount

lastLogoff

lastLogon

logonCount

memberOf

objectGUID

objectSid

primaryGroupID

pwdLastSet

sAMAccountType

Environment

Release:
Component: IDMGR