Hi,

We have IDM45, having AD driver to do user provisioning to the domain
Intern.ABC.COM.

As of now, we are not setting the userPrincipalName in AD, AD is setting
the value as XYZ@Intern.ABC.Com, which is users initials + @domain
name.

Now, the customer wants to have this value should be added/updated via
IDM and the format should be : user's initilas + @ABC.com.

I tried to change the rule in creation policy, also enabled the filter
from IDM to AD for this attribute.

But when i tried to create a user, it failed and its throwing below
error. Pelase help.

As per my knowledge I think userPrincipalName in AD is a readonly
attribute and that we can not set it from IDM. But I am not sure. Please
let me know if this is correct OR if its doable, please share your
thougths.

DirXML Log Event -------------------
Driver: \ABCORGIDV\system\driverset1\AD-Internal-ABCORG
Channel: Subscriber
Object: \ABCORGIDV\ABCORG\users\employees\Z6hss
Status: Error
Message: <ldap-err ldap-rc="19"
ldap-rc-name="LDAP_CONSTRAINT_VIOLATION">
<client-err ldap-rc="19"
ldap-rc-name="LDAP_CONSTRAINT_VIOLATION">Constraint
Violation</client-err>
<server-err>00002081: AtrErr: DSID-031513A5, #1:
0: 00002081: DSID-031513A5, problem 1005 (CONSTRAINT_ATT_TYPE), data 0,
Att 90290 (userPrincipalName)
</server-err>
<server-err-ex win32-rc="8321"/>

THanks
-dk


--
dinatechmnovell
------------------------------------------------------------------------
dinatechmnovell's Profile: https://forums.netiq.com/member.php?userid=6777
View this thread: https://forums.netiq.com/showthread.php?t=54791