
Unable to sync users on a new LDAP domain


Article ID: 89350




CA Automic Workload Automation - Automation Engine




Component: AAUTEN


Affected versions: ALL (OM 8.00A, AE 9.00A, AE V10, AE V11)


When attempting to synchronize an LDAP user by clicking "Synchronize data with LDAP now" on a user that has "LDAP connection" checked, a popup appears with the following message:

U0020857 ACCESS DENIED: Only LDAP linked users are allowed to synchronize data.


This is usually caused by one of two things:

1. The user performing the LDAP sync has not yet logged in successfully to the domain.

2. The LDAP variable in client 0 is not formatted correctly for the Windows AD.


The first time a user is synced to the LDAP AD, the sync must be performed by a user who has already logged into the AE with their AD credentials for that domain.

Here is an example of creating and syncing a new user to the 'TEST' domain:

1. Create the new user Automic\TEST in the client and select the LDAP check box on the user tab. (Note: if the sync is attempted at this point, it will return an error.)

2. Next, log out of the user that was used to create Automic\TEST, and log in as Automic\TEST with its LDAP password.

3. Now, if you find the user object and select the sync button on the user tab, it should be able to pull back the rest of the AD information and sync with it.

4. Lastly, once the user has synced itself to the domain, you will be able to use that user to sync other users against the same domain.