When assigning Provisioning Role to Global Users for account creation purpose on some hierarchical Endpoints (i.e. Active Directory,  JNDI DYN),   the Provisioning Server reports LDAP error 70 (0x0046 - Results too large).

In etatrans log, the 'External Modify' operation got 'Results too large' error.

FAILURE: External Modify (eTGlobalUserName=<username>)
rc:  0x0046 (Results too large)
msg: ETA_E_0070<MGU>, Global User '<username>' provisioning role memberships added successfully. Associated accounts creation or update failed: (accounts created: 0, updated: 0, re-created: 0, failures: 1)

The 'Child Add' operation got account 'Already Exists' error.

FAILURE: Child Add (eTDYNAccountName=<account name>)
rc:  0x0044 (Already exists)
msg: ETA_E_0004<AAC>, User Account '<account name>' on '<endpoint>' creation failed: Object already exists; provisioning directory updated

Identity Manager 12.x/ 14.x

Endpoint Account already exists in the target account container
Endpoint Account with same account id already exists in another account container

Enable the following Synchronization settings on IM Provisioning Manager > System > Domain Configuration > Synchronization

• Automatic Correlation = Yes (or 'Use Correlation Attr' if Correlation Attribute list has been customized)
• Use Existing Accounts = Yes
• Force single account across multiple containers = Target Endpoint Type;

Also see the following Knowledge Article:

https://knowledge.broadcom.com/external/article?articleId=26596