I need some help here. I have a new AD driver I'm working with. I
can't seem to get this to set the password when creating a user object
in AD. The password is properly set in the Identity Vault. The user
object gets created, the I get a "Could not set password via platform
call. Err=5 (access denied)" error. The driver is authenticating with
an account that has domain admin rights. For what it's worth, I get the
same error when the driver uses the administrator account.

The DC and the RL are both Windows machines in the same domain. I can
post the driver configuration, if someone can tell me how to attach it.
It's too big to paste here.

Below is a portion of the DSTrace from the driver.

13:04:18 4EF95940 Drvrs: AD Staff ST:Remote Interface Driver:
Sending...
13:04:18 4EF95940 Drvrs: AD Staff ST:
<nds dtdversion="4.0" ndsversion="8.x">
<source>
<product edition="Standard" version="4.0.1.0">DirXML</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<add cached-time="20121102180417.895Z" class-name="user"
dest-dn="CN=Blaine Moreland,ou=staff,ou=hsd,dc=hsd,dc=loc"
event-id="JDBC-Staff#Publisher#7953149:cdb852e5-19f5-495e-8d25-85e55fb9efa2"
qualified-src-dn="O=hsd\OU=administration\CN=bmoreland"
src-dn="\TST-HAZELWOOD\hsd\administration\bmoreland"
src-entry-id="33394" timestamp="1351879457#12">
<add-attr attr-name="mail">
<value timestamp="1351879457#7"
type="string">bmoreland@hazelwoodschools.org</value>
</add-attr>
<add-attr attr-name="givenName">
<value timestamp="1351879457#8" type="string">Blaine</value>
</add-attr>
<add-attr attr-name="dirxml-uACAccountDisable">
<value timestamp="1351879457#9" type="state">false</value>
</add-attr>
<add-attr attr-name="physicalDeliveryOfficeName">
<value timestamp="1351879457#3" type="string">WEST HIGH</value>
</add-attr>
<add-attr attr-name="sn">
<value timestamp="1351879457#12" type="string">Moreland</value>
</add-attr>
<add-attr attr-name="homePhone">
<value timestamp="1351879457#11" type="string">21735</value>
</add-attr>
<add-attr attr-name="displayName">
<value timestamp="1351879457#5" type="string">Blaine Moreland</value>
</add-attr>
<add-attr attr-name="title">
<value timestamp="1351879457#6" type="string">SUMMER SCHOOL CAMP
INSTRUCTOR</value>
</add-attr>
<add-attr attr-name="homeDirectory">
13:04:18 4EF95940 Drvrs: <value
type="string">\\hsd-data1\usr\%username%</value>
</add-attr>
<add-attr attr-name="homeDrive">
<value type="string">H:</value>
</add-attr>
<add-attr attr-name="userPrincipalName">
<value>bmoreland@hsd.loc</value>
</add-attr>
<add-attr attr-name="sAMAccountName">
<value>bmoreland</value>
</add-attr>
<add-attr attr-name="homeMDB">
<value type="string">CN=MBDB1,CN=Databases,CN=Exchange Administrative
Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First
Organization,CN=Microsoft
Exchange,CN=Services,CN=Configuration,dc=hsd,dc=lo c</value>
</add-attr>
<add-attr attr-name="mailNickname">
<value type="string">bmoreland</value>
</add-attr>
<password><!-- content suppressed --></password>
</add>
</input>
</nds>
13:04:18 4EF95940 Drvrs: AD Staff ST:Remote Interface Driver: Document
sent.
13:04:18 4DF85940 Drvrs: AD Staff :Remote Interface Driver: Received.
13:04:18 4DF85940 Drvrs: AD Staff :
<nds dtdversion="1.1" ndsversion="8.7">
<source>
<product asn1id="" build="20110211_120000"
instance="\TST-HAZELWOOD\hsd\Driver-Set\AD Staff"
version="3.5.14">AD</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<add-association dest-dn="\TST-HAZELWOOD\hsd\administration\bmoreland"
dest-entry-id="33394"
event-id="JDBC-Staff#Publisher#7953149:cdb852e5-19f5-495e-8d25-85e55fb9efa2">2d632683cf5a534eb07b9f604b560c2e</add-association>
<status
event-id="JDBC-Staff#Publisher#7953149:cdb852e5-19f5-495e-8d25-85e55fb9efa2"
level="error" type="driver-general">Could not set password via platform
call. Err=5 (access denied)</status>
<status
event-id="JDBC-Staff#Publisher#7953149:cdb852e5-19f5-495e-8d25-85e55fb9efa2"
level="success"/>
</output>
</nds>


--
gregwilkerson
------------------------------------------------------------------------
gregwilkerson's Profile: https://forums.netiq.com/member.php?userid=590
View this thread: https://forums.netiq.com/showthread.php?t=46069