Symptoms
Task named Remove AD entity of type 'UserAccount' (LDAP:'CN=user1,OU=S001234567,OU=R0001000002,OU=Hosting,DC=domain,DC=local'; entity_id: 12123)
fails with the error:
Output Destination host 'AD01.hosting.local' (#8), IP '192.1168.1.10' : Provisioning request failed. Access is denied. [<response><errorContext description="Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" code="0x80070005" executeSeqNo="11"><errorSource namespace="Error Provider" procedure="SetError"/><errorSource namespace="Managed Active Directory" procedure="RethrowError_"/><errorSource namespace="SW Managed Active Directory" procedure="DeleteUser"/></errorContext></response>]
Cause
Incorrect permissions on the object CN=user1,OU=S001234567,OU=R0001000002,OU=Hosting,DC=domain,DC=local
- domain\Domain Admins group does not have enough permissions. Possible reason - subscription was migrated from another domain.
Resolution
Give all permission to Domain admins
group on the affected object.