On 8/8/2012 7:16 AM, dschaldenovell wrote:
> Good morning,
> It was reported by my customer that there is a user that seems to be
> having some issues with logins that are handled by AD. We currently have
> a simple IDM 3.5.1 setup, we are only using the eDirectory to A/D
> driver, to sync users in the F/P (production) network, to an A/D domain
> for citrix access. For the most part the system has been rock solid,
> though every so often we have reports of users not sync'd to A/D.
> That said on this user, SJACKSON, we were seeing an error previously
> that said that the user was not associated with any policies (or
> something to that effect I apologize for not having the correct syntax
> here), further we are seeing in C1 -> under the "Other" tab an error
> "CODE(-8032) Operation vetoed by policy)". When I checked the user
> password status in iManager this morning it shows the user is sync'd
> (green check mark), though in C1 it still reports the (-8032) error.
> Where should I start looking for troubleshooting?

If you came in via the Web interface to the forums, there is a sticky
post at the top that lists a bunch of articles to read. There are a
couple of good ones on DSTrace, which is what we really need to see as
Edward and Aaron suggested.