Knowledge Base

Support Policies

Not able to update AD attributes for some users using different Service Account

Affected Versions: All

Description: You're using a non-administrator service account to bind to Active directory and encounter error when updating for some users. 

Cause: These users are part of the protective group. By default inheritance permissions is disabled for member of this group.

Resolution:
Enable permission inheritance for the AdminSDHolder

or

Apply the required permission for the service account to the AdminSDHolder 

More Information:
You can find out if the user is a member of the protective group by search the AD attribute "AdminCount" . If the value is set to 1, the user is part of the protective group.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.