Remove AD entity of type 'UserAccount' Access is denied

Modified on: Thu, 23 Jan, 2020 at 6:09 AM

Operations Automation Operations Automation:5.4 Operations Automation:5.5 Operations Automation:5.x Operations Automation:6.0 Operations Automation:6.x Operations Automation:7.2 Operations Automation:7.x

Symptoms

Task named Remove AD entity of type 'UserAccount' (LDAP:'CN=user1,OU=S001234567,OU=R0001000002,OU=Hosting,DC=domain,DC=local'; entity_id: 12123) fails with the error:

Output  Destination host 'AD01.hosting.local' (#8), IP '192.1168.1.10' : Provisioning request failed. Access is denied. [<response><errorContext description="Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))" code="0x80070005" executeSeqNo="11"><errorSource namespace="Error Provider" procedure="SetError"/><errorSource namespace="Managed Active Directory" procedure="RethrowError_"/><errorSource namespace="SW Managed Active Directory" procedure="DeleteUser"/></errorContext></response>]

Cause

Incorrect permissions on the object CN=user1,OU=S001234567,OU=R0001000002,OU=Hosting,DC=domain,DC=local - domain\Domain Admins group does not have enough permissions. Possible reason - subscription was migrated from another domain.

Resolution

Give all permission to Domain admins group on the affected object.

Internal content

Did you find it helpful? Yes No