VMware Cloud Community
seacliff1
Contributor
Contributor
Jump to solution

Unable to create a new user

I've just installed the Active Directory plugins 1.0.2 and I am trying to script an AD user creation using Orchestrator 4.2.0. I am using Windows 2008 R2 as my Active Directory server.

I get that error when I use port 3286 (using GC) :

"Unable to create a new user: InternalError: Failed to create user account...[LDAP: error code 53 - 00002035: LdapErr: DSID-0C090BF4, comment: Operation not allowed through GC port, data 0, v1db0 ] (Workflow: NewUsers / Create User (item7)#6)"

I get that error when I use port 389 (default port) :

"Unable to create a new user: InternalError: Failed to create user  account...[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0] (Workflow:NewUsers / Create User (item7)#3)(Workflow: NewUsers / Create User (item7)#6)"

Configuration on the server side looks good. I am using the same information as the LDAP configuration (without the copy checkbox) and I am using an Administrator as the user (until I can fix this error).

This is the script line that cause the error :

userOU.createUser(accountName,domainName,displayName);

where accountName, domainName and displayName are string and userOU is a valid OU selected using the GUI.

Anyone has any idea how to fix this?

thanks,

Phil

Reply
0 Kudos
1 Solution

Accepted Solutions
Burke-
VMware Employee
VMware Employee
Jump to solution

Quite possible on the password restrictions as Joerg points out... if that is the case, you must configure the AD plug-in to use SSL - in order to do so, you will need to import a Domain Controller Authentication certificate to vCO. That certificate will allow vCO to establish secure connection to your domain controller to create new user accounts with passwords Smiley Happy

Good Luck!

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter

View solution in original post

Reply
0 Kudos
4 Replies
tschoergez
Leadership
Leadership
Jump to solution

Hi!

For Troubleshooting such issues see this article: http://www.vcoportal.de/2011/07/troubleshooting-ldap-erros-in-vco/

In your case the error code 53 means: "Unwilling to perform".

To get some ideas of the root cause: http://stackoverflow.com/questions/1073643/adding-ldap-entries-using-jndi

Some guesses: Password restrictions, or no password set for the new user, but required by AD; DomainName in wrong notation ...

Cheers,

Joerg

Burke-
VMware Employee
VMware Employee
Jump to solution

Quite possible on the password restrictions as Joerg points out... if that is the case, you must configure the AD plug-in to use SSL - in order to do so, you will need to import a Domain Controller Authentication certificate to vCO. That certificate will allow vCO to establish secure connection to your domain controller to create new user accounts with passwords Smiley Happy

Good Luck!

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
Reply
0 Kudos
igaydajiev
VMware Employee
VMware Employee
Jump to solution

The Active directory plugin must be configured to use SSL  (ldaps protocol ) in order to be able to add/remove users.

Not sure if you already saw following document http://communities.vmware.com/docs/DOC-21481.

There were some issues wuth the 1.0.2 GA version of the plugin that got resolved. I will recomend you to use the 1.0.2-683 version.


seacliff1
Contributor
Contributor
Jump to solution

Thanks guys, seems like I needed the Certificate configured.

Reply
0 Kudos