dschaldenovell wrote:

> Good morning,
> It was reported by my customer that there is a user that seems to be
> having some issues with logins that are handled by AD. We currently
> have a simple IDM 3.5.1 setup, we are only using the eDirectory to A/D
> driver, to sync users in the F/P (production) network, to an A/D
> domain for citrix access. For the most part the system has been rock
> solid, though every so often we have reports of users not sync'd to
> A/D.
> That said on this user, SJACKSON, we were seeing an error previously
> that said that the user was not associated with any policies (or
> something to that effect I apologize for not having the correct syntax
> here), further we are seeing in C1 -> under the "Other" tab an error
> "CODE(-8032) Operation vetoed by policy)". When I checked the user
> password status in iManager this morning it shows the user is sync'd
> (green check mark), though in C1 it still reports the (-8032) error.

Set the driver to trace level 3 and remove the pending association from
the user (If it exists at least) and change an attribute on the user
that is listed in the driver filter. Post the trace here so we can see
why the event is being vetoed.