Symantec Identity Management

Expand all | Collapse all

Failure in removing Active Directory Domain group from user AD Account

Jump to Best Answer
  • 1.  Failure in removing Active Directory Domain group from user AD Account

    Posted 13 days ago
    Edited by CHIA MIN Lim 13 days ago
    Hi Everyone,

    I have 4 AD domain running in the production environment. These 4 AD domain are child domain pointing to the same root domain. I'm attempting to remove a user's Active Directory account (The account is in Domain 1) group membership ( The group reside in Domain 2) using etautil command:

    update 'eTADSOrgUnitName=XXX,eTADSDirectoryName=Domain1 AD endpoint Name' eTADSGroup eTADSGroupName='GroupName' to -eTADSmember='CN=XXX.. DC= Domain 2 '

    and the etautil throw back the error Active Dir. Group 'GroupName' modification failed: Connector Server Modify failed: code 32 (NO_SUCH_OBJECT) ..... JCS@ServerName: no information available for connector: eTADSDirectoryName=Domain2....

    But when I remove manually using Provisioning Manager by searching the Group from the Endpoint and remove the account from the group, it work successfully.

    Has anyone hit this issue before? My IDM Suite is running on version 14.3.0

    Thank You


  • 2.  RE: Failure in removing Active Directory Domain group from user AD Account
    Best Answer

    Posted 8 days ago

    If Provisioning Manager works I would expect etautil to work.

    Please review this through the Provisioning Manager.  Please review the etatranslog and check how your etautil should look.  The etatrans will show the modify request to update an attribute value and configure your etautil off of that.  Thank you!



    ------------------------------
    Best regards,

    Scott Owens
    Sr Support Engineer

    ------------------------------
    And, as always Perhaps there are others in the communities who have experience in doing this and we invite them to comment here also.

    Another option may be to reach out to our partner HCL Technologies to see in what way they can assist further. The Enterprise Studio team of HCL can be reached at enterprisestudio@hcl.com. https://www.hcltech.com/enterprise-studio
    ------------------------------
    ------------------------------